NEDAS Boston Workshop Presentations - July 15, 2015
TRANSCRIPT
NEDAS Boston Workshops & Social District Hall
Wednesday, July 15, 2015
#NEDASBoston
Interference Hunting: Tools and Service Solutions
Presenters
Marc Nguessan SeeWave Product Manager
James Zik Vice President, Product
Management and Management
Presented by PCTEL
James Zik, VP Product Management Marc Nguessan, Product Manager
July 15, 2015
NEDAS Interference Hunting Workshop
❑ Introduction
❑ Why is Interference a Problem?
❑ Six Case Studies
❑ Interference Mechanisms
❑ Important Considerations
❑ Summary
Agenda
PCTEL delivers Performance Critical Telecom solutions for public and private wireless networks.
Connected Solutions™ designs and delivers performance critical antennas and site solutions for wireless networks globally. Our antennas support evolving wireless standards for cellular, private, and broadband networks.
RF Solutions develops and provides test equipment, software, and engineering services for wireless networks. The industry relies upon PCTEL to benchmark network performance, analyze trends, and optimize wireless networks.
Performance Critical Telecom:
Network Engineering Services
Expert Knowledge, Exceptional Tools
Provides wireless network services with an emphasis on in-building DAS.
✓ Network Benchmarking
✓ Baseline Testing
✓ CW Testing
✓ Design
✓ Commissioning
✓ Optimization
✓ Acceptance
✓ Interference Mitigation
✓ Consulting
Carriers
Neutral Host
OEMs
Integrators
PCTEL Customers
Why is Interference a Problem?
What is interference?
❑ Interference is an unwanted RF signal (in the cellular frequencies) caused by numerous electronic sources (including harmonics) that negatively affects mobile communication
What frequencies are most affected by interference?
❑ Interference can affect all mobile bands, but is a larger issue at the lower frequencies (300 to 900 MHz) due to the RF propagation of these frequencies. Higher frequencies (approx. >1700 MHz) are disposed to be more line-of-sight and more easily reflected with low penetration into buildings
Why is LTE more affected by interference?
❑ LTE is more affected by interference since LTE networks offer higher spectral efficiency in bits per second per Hz, but require higher levels of SINR to achieve that performance
[Figure: 2600 MHz vs 700 MHz]
Interference
LTE Networks Effects – Signal to Interference/Noise Ratio (SINR)
❑ SINR: Critical Measurement quantifying the relationship between RF conditions and throughput
‒ VoLTE requires high SINR (target >12 dB) or will result in dropped calls or uses high percentage of network bandwidth
‒ MIMO is ineffective with low SINR levels, requires high SINR (10-20 dB)
Customer Experience Effects
❑ Video Pixilation
❑ Poor voice quality
❑ Dropped calls/sessions
❑ Low data throughput
❑ Latency due to retransmission
Business Effects (Lost Revenue)
❑ Poor quality-of-service
❑ Customer churn
Problems Interference Causes
❑ US Mobile Operator Customer Attrition*
❑ Low network quality/speed of services is largest reason for attrition (12% in the previous year of the study, i.e. normalized to a full yr: 6%)
➢ (100M customers * 6% churn (normalized) * 35% low QoS * $600/ARPU/year * 90% RAN issues) = $1.1B problem (year 1)
[Chart: 30%, 35%, 26%]
*Ovum Report “Who Cares Wins” commissioned by Tektronix - Feb. 2014.
Why is Interference Abatement Important?
❑ Spectrum clearing when new or re-farmed spectrum becomes available
‒ Mobile operators must clear both uplink and downlink interference sources before network turn-up for any band
❑ DAS Verification, DAS Commissioning
❑ In-service interference that is affecting the quality-of-service of the network (uplink)
When do You Test for Interference?
Uplink In-service Interference
❑ Mobile operators search for uplink interference when base station Received Total Wideband Power (RTWP) reports a quality affecting level at base station (LTE)
❑ Customers report problems in an area
❑ Uplink more sensitive to interference due to mobile transmission restrictions (+23 dBm UE i.e. 0.2 Watts)
Downlink In-service Interference
❑ Downlink QoS issues are not as common from external interference sources, unless interferer is extremely powerful (sometimes with passive intermodulation), since the high powered signal from tower typically masks downlink interference sources
LTE eNB: Tx Power: +45 dBm; Rx Sensitivity: -123 dBm; -102 to -105 dBm causes interference
LTE UE: Tx Power: +23 dBm; Rx Sensitivity: -95 dBm
Mobile Networks In-service Sensitivity
Six Case Studies
Lights Out (700, 1900 and AWS bands)
Extremely high uplink noise levels discovered during DAS Commissioning
Interference found to occur only during day time and early evening
Case Study #1 – Newark, DE Sept 2014
SeeWave pointing away from interference source
SeeWave pointing toward the interference source
Interference locating in one particular section of the mall
❑ Interferer not found during DAS System Verification since done in the middle of the night
❑ Building owner agreed to replace 50 halogen light bulbs
Interferer: Halogen Light Bulbs
Case Study #1 – Newark, DE Sept 2014
Work in Progress (700, 850 bands)
Extremely high uplink noise levels discovered during DAS System Verification (-95 to -85 dBm)
Interference found to occur only during day time and early evening in a small section of the mall
Case Study #2 – Denver, CO July 2015
Spectrum Analyzer near Source
Awaiting permission to enter OshKosh B’gosh Store to test lights or other potential sources
Suspected Interferer: Lighting
Case Study #2 – Denver, CO July 2015
Uber Boomer (1900 band)
Tier One operator reports intermittent -75 dBm Received Total Wideband Power KPI on uplink and customer complaints on uplink (both in-building and outdoors)
SeeWave pointing away from interference source
SeeWave pointing toward the interference source
Case Study #3 – Maryland Suburbs (near Washington DC) June 2015
DoD representative claimed to have recently installed a DAS system
❑ Unusual for DAS system to cause outside interference of -75 dBm, 1 mile away
❑ Classified buildings often don’t allow cell phone usage
❑ DAS systems are always on, not only for 5 hours a day, a couple times a week
❑ Immediately agreed to permanently turn off their “DAS System”
Conclusion of Interferer type: Military Experiment
Interference Source: Classified Defense Contractor Building
Case Study #3 - Maryland Suburbs (near Washington DC) June 2015
The Pope is Calling (and we listened) (850 band)
Tier One installs Cellular on Wheels (COWs) at Quito Airport to cover increased Cellular traffic for the Pope’s visit (both indoor and outdoor) and the system was barely useable due to high noise floor
Mobile Operator’s COW (the one working with PCTEL) turned off for test
Competitor Mobile Operator’s COW (powered on)
Case Study #4 – Quito, Ecuador July 2015
SeeWave pointing away from interference source: Low Noise floor
SeeWave pointing towards interference source: High Noise floor
Competitor’s COW was interfering with uplink in the -95 to -100 dBm
❑ Adjustments needed to be made on competitor’s COWs
❑ Only authorized to place COWs in this location
Interferer: COW
Case Study #4 – Quito, Ecuador July 2015
SeeWave pointing away from interference source
Case Study #5 - San Francisco, CA Oct 2014
SeeWave pointing toward interference source
Lost my Signal in San Francisco
Tier One operator reports quality affecting Received Total Wideband Power KPI on uplink
Case Study #5 - San Francisco, CA Oct 2014
BTS signal leaking into another carrier’s spectrum
Conclusion on Interferer type: Faulty BTS/BTS infrastructure
Case Study #5 - San Francisco, CA Oct 2014
Billboard Torture (700 band)
Tier One optimization engineer finds very low SINR from drive test analysis
SeeWave pointing away from interference source
SeeWave pointing towards interference source
Case Study #6 – Nashville, TN Nov 2014
Digital Billboard employs wireless radio device for updating billboard
Interferer type: Wireless Radio Device on Digital Billboard
Case Study #6 – Nashville, TN Nov 2014
Interference Mechanisms
❑ Modulated Sources
❑ Un-modulated Sources
❑ Harmonics
❑ Passive intermodulation (PIM)
❑ Repeaters/BDAs
❑ Intentional Interference
Interference Types
❑ Devices intended to transmit RF signals
❑ Unwanted interference occurs when these devices are malfunctioning or are operated improperly (usually narrowband signals)
❑ Compliant RF transmitters may create interference from harmonics, intermodulation, etc.
❑ Common sources of modulated interferers include:
‒ Unplugged Cable TV Output
Modulated Sources
❑ Un-modulated sources of interference are created from electric devices that unintentionally create RF signals
‒ Continuous Noise
‒ Impulse Noise
❑ Common sources of continuous noise include:
‒ Electric Motors
‒ Ballast in neon lighting
‒ Faulty transformers
‒ Security and infrared Cameras
‒ Vehicle ignition systems
‒ Baby Monitors
[Figure: LTE Noise floor raised by electric motor]
Un-Modulated Sources
❑ Impulse Noise from un-modulated sources is created when the electricity flow is turned on and off
❑ Common sources of impulse noise include:
‒ Electric Motors (elevators, manufacturing plants, farms, etc.)
‒ Electric Fences
‒ Welding
‒ Parking Gates
‒ Wireless Speakers
‒ Arcing power lines
‒ Light dimmers
‒ Lightning suppression devices
‒ Commercial baking ovens
‒ Beacons on top of cell towers
‒ Garage door openers
‒ TV remotes
Un-Modulated Sources
❑ A harmonic is a multiple of the RF carrier (fundamental frequency)
‒ A 750 MHz frequency can produce harmonics at 1500 MHz, 2250 MHz, 3000 MHz, etc.
❑ Legal large powered transmitters (megawatt) can produce a 1 Watt third harmonic
‒ TV transmitters of 570 to 585 MHz (channels 30 – 33) can cause problems on E-UTRA 4 (AWS) uplink (1710 – 1755 MHz) band if the AWS sector is close to the TV transmitter
[Figure: 925 MHz harmonic from a 462.5 MHz 2-way radio]
Harmonics
❑ Cellular repeater or bidirectional amplifiers
‒ Used to extend in-building cellular coverage or coverage in areas with marginal coverage
‒ Interference caused by malfunctioning BDAs or retransmission of undesirable signals at the BDA’s input
‒ Common source of interference, but difficult to locate
BDA
Amplifier
Dome Antenna
In-Building Repeater
Repeaters/BDAs
❑ Two or more strong signals combine appearing as a nonlinear transmitting device
‒ Can cause numerous interferers from the addition and subtraction of fundamental frequencies with harmonics
❑ Often called the “rusty bolt” effect
‒ Mating of 2 metal objects can create a rectifier effect when corrosion is present
‒ Generates spurious signals that are radiated by the connected metal objects
❑ Common sources
‒ Rusty bolts, fences or barn roofs
‒ Corroded rooftop air conditioners
‒ Improperly connected or loose/dirty connectors in the cell tower antenna feed line
‒ Cell tower guy lines
‒ Utility poles or wires, rain gutters
Passive Intermodulation
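The harmonic and intermodulation arithmetic from the Harmonics and Passive Intermodulation slides, as an added C example that is not part of the original deck or of any PCTEL tool. It uses the TV transmitter and AWS uplink figures from the Harmonics slide; the two 1900 MHz carriers and the 1850 to 1910 MHz uplink band in the intermodulation case are constructed sample values.

```c
#include <stdio.h>

/* A frequency range in MHz. */
struct band { double lo, hi; };

/* The n-th harmonic of a transmitter band occupies [n*lo, n*hi].
 * Returns 1 and stores the overlapping range in *out if that range
 * intersects the victim band, otherwise returns 0. */
int harmonic_overlap(struct band tx, int n, struct band victim, struct band *out)
{
    double lo = n * tx.lo, hi = n * tx.hi;

    if (hi < victim.lo || lo > victim.hi)
        return 0;
    out->lo = lo > victim.lo ? lo : victim.lo;
    out->hi = hi < victim.hi ? hi : victim.hi;
    return 1;
}

/* Lowest harmonic order in 2..max_order that lands in the victim band,
 * or 0 if none does. */
int first_harmonic_hit(struct band tx, struct band victim, int max_order)
{
    struct band unused;

    for (int n = 2; n <= max_order; n++)
        if (harmonic_overlap(tx, n, victim, &unused))
            return n;
    return 0;
}

/* Intermodulation products of two carriers for a given order:
 * |m*f1 - n*f2| and m*f1 + n*f2 for every m, n >= 1 with m + n == order.
 * Stores up to max_hits products that fall inside the victim band in
 * hits[] and returns how many were found. */
int intermod_hits(double f1, double f2, int order, struct band victim,
                  double *hits, int max_hits)
{
    int count = 0;

    for (int m = 1; m < order; m++) {
        int n = order - m;
        double diff = m * f1 - n * f2;
        double cand[2];

        cand[0] = diff < 0 ? -diff : diff;
        cand[1] = m * f1 + n * f2;
        for (int i = 0; i < 2; i++) {
            if (cand[i] >= victim.lo && cand[i] <= victim.hi) {
                if (count < max_hits)
                    hits[count] = cand[i];
                count++;
            }
        }
    }
    return count;
}

int main(void)
{
    struct band tv = { 570.0, 585.0 };        /* from the slide: TV channels 30-33 */
    struct band aws_ul = { 1710.0, 1755.0 };  /* from the slide: E-UTRA 4 uplink */
    struct band pcs_ul = { 1850.0, 1910.0 };  /* constructed victim band */
    struct band o;
    double hits[4];

    if (harmonic_overlap(tv, 3, aws_ul, &o))
        printf("3rd harmonic of the TV band covers %.0f-%.0f MHz of the AWS uplink\n",
               o.lo, o.hi);

    /* Constructed carriers at 1930 and 1990 MHz. */
    int n = intermod_hits(1930.0, 1990.0, 3, pcs_ul, hits, 4);
    for (int i = 0; i < n && i < 4; i++)
        printf("3rd-order product at %.0f MHz falls in the uplink band\n", hits[i]);
    return 0;
}
```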
❑ Often located in shopping malls, restaurants, schools, military bases
❑ Sources can be mobile (cars, trains, etc.)
❑ Civilian use is illegal
❑ Typically easy to identify
‒ Strong constantly-on signal
❑ Usually raises noise floor
Jammer
Intentional Interference
Important Considerations
Scan Setup
Dual Scan Spectrum Analysis with Playback
• Scan uplink and downlink for spectrum clearing simultaneously
• Set up separate scans for looking at harmonics
Spectrogram Waterfall Isolates Intermittent Interferers
Map with Triangulation Locates Source of Interference
- Ergonomics
- Use of COTS Antennas (n-type conn.)
Spectrum Analysis Considerations
DF Antenna Radiation Patterns (typical)
❑ Many users tilt antenna on a 45 deg angle
[Figure: Elevation (Vertical) and Azimuth (Horizontal) radiation patterns]
Antenna Angle
Multipath
❑ Multipath occurs when radio signals from one source reach the receiving antenna via two or more paths
‒ Caused by reflections or refractions off of bodies of water or objects including buildings and mountains
‒ Very common in urban canyons
Mitigation
❑ Find a location away from buildings and metal objects
‒ Building roof
‒ Away from metal objects including vehicles
❑ When finding a good location is not possible
‒ Go to an intersection and point antenna in the direction of each intersecting street
‒ Follow the street with the highest signal from the interferer
Multipath can severely complicate locating the source of the interferer
Radio Wave Multipath
Summary
❑ Verizon 700 MHz LTE cell site is latest victim of interference from fluorescent lights
❑ Time Warner Cable Experience Verizon LTE Interference in N.C.
‒ Time Warner Cable didn't take the steps to properly shield its boxes and/or cable system
❑ Florida teacher uses cellphone jammer to stop students’ texting, draws a suspension
Interference References
– Interference can be a significant source of customer dissatisfaction of a mobile network resulting in customer churn and lost revenue
– External interference negatively affects LTE networks at lower signal levels than 2G and 3G technologies
– Interference hunting is an on-going process since new interferers are continually created
Summary
http://rfsolutions.pctel.com
For free LTE and Interference posters, please visit PCTEL RF Solutions website:
Questions?
Thank you!
RF Data Collection & Remote Control/Monitoring Using WINd© Solution
Presenters
Nikhil Gogaté Senior Director of Global
Business Strategy
Luis Najera Product Support Specialist
Presented by Solutelia
Connect via Bluetooth to the PCTel ibFLex Scanner
Perform: TopN, RSSI, CW or Blind Scan
WINd App
Seamless Integration
ibWave Mobile Planner
Integrated ibWave Mobile Planner support:
RF Data collection and Site Survey in one
WINd App
WINd Console Real Time
Console Remote View allows Real-Time Access and Control: live data stream
WINd Console Report Manager
KPI and Interval Reports
Summary with Indoor or Outdoor Plots
Console Reports allows near Instant:
Real-Time KPI, Interval and On-Site Post Reports
Achieving Confidence in Cyberspace: It’s All about Risk Management
Presenter
John Holmblad Cyber Security Operations specialist with the US Senate and Professor at the University of Maryland University College
Achieving Confidence In Cyberspace => It's All About Risk Management
NEDAS Summer Social - Training
John B. Holmblad
703 407 2278
➢ About You
➢ About your Instructor, that is me
NEDAS Summer Social Training Event July 15, 2015
©2015 Televerage International 62
Introductions
[Chart: Today’s Audience; x-axis: Company Size (Employees): 1, 2-10, 11-100, 101-1,000, 1,001-10,000, >10,000; y-axis: Number of you]
➢ 1. Goals of information security
➢ 2. The Threat, Vulnerability, Risk, and Countermeasure Model
➢ 3. Threats
➢ 4. Vulnerabilities
➢ 5. Security policies and security mechanisms
➢ 6. Specific Countermeasures
➢ 7. The role of trust
➢ 8. Assurance
➢ 9. Operational Issues
➢ 10. Human Issues
➢ 11. Sources of Additional Information
Today’s Agenda
1. Goals of Information Security
➢ Prevention
  ➢ Prevent attackers from violating security policy
  ➢ A potential negative side-effect is that elaborate prevention can hamper legitimate use (e.g. DRM)
➢ Detection
  ➢ Detect attackers’ violation of security policy
  ➢ Typically required because prevention is not always successful
➢ Recovery
  ➢ Stop attack, assess and repair/remediate damage
  ➢ Continue to function correctly even if attack succeeds (a kind of fault tolerance)
What are the Goals of Information Security
➢ Our lives are dominated by information.
➢ We want that information to be
  ➢ Available to us when we want it
  ➢ Correct with respect to what it purports to be
  ➢ Denied to those to whom it should not be available
We are an Information Driven Society
➢ Information
  ➢ Protecting information that is stored, transmitted or viewed on or by means of a computer.
  ➢ Protecting information resources
What are we interested in protecting?
In short, Yes!
➢ Organizations are under attack from both inside and outside the company
➢ A wide range of attacks are extant (“in the wild”)
➢ Cyber attacks result in serious financial loss and, in some cases, complete failure of the enterprise
➢ The appropriate level of defense requires more than information security technologies
Is there A Problem that Needs Solving?
➢ Our entire information infrastructure is rife with vulnerabilities at both the design and at the implementation level
  ➢ Design: e.g. BGP, 802.11 WEP
  ➢ Implementation: e.g. Adobe Flash, Internet Explorer
➢ Vulnerabilities are being routinely exploited
➢ We most often aren’t aware of the exploitation until it is too late.
What are the Key Issues?
➢ What is the problem.
➢ Why we have a problem.
➢ What solutions are available to us.
To achieve/maintain security of our Information We Must Understand
➢ Confidentiality
  ➢ Keeping data and resources hidden
➢ Integrity
  ➢ Data integrity (integrity)
  ➢ Origin integrity (authentication)
➢ Availability
  ➢ having access to data and resources
Information Security Services - Basic Components
➢ Let's consider these security services from the perspective of:
  ➢ P: A Physician
  ➢ S: A Student
  ➢ C: A Consumer
Information Security Services - Basic Components
➢ P: Passers-by must not see the medical record; it is only for the physician
➢ S: Student grades are a private matter between the instructor and the student.
➢ C: Only Amazon’s billing organization should be able to see the consumer’s credit card number
Readable ONLY by those who are authorized to receive/view/process it
➢ Confidentiality may apply to the properties of information as well as the information itself:
  ➢ not how many with H1N1 Flu in the neighborhood, but is there H1N1 Flu at all
  ➢ why does this employee want to know about jobs at other places?
  ➢ does a government agency maintain information on a particular citizen?
➢ Confidentiality of resources for storing/maintaining information
  ➢ what computer systems are used, what configurations, what high-end equipment is available
Confidentiality of Information Properties (aka Metadata)
➢ Interception: Secret voice communication between two parties that is intercepted
➢ Ex-filtration: Product cost data that is supposed to remain within the enterprise but which is ex-filtrated to a competitor
➢ Theft: User credentials (e.g. passwords) which are stolen
Examples of Confidentiality Violation
➢ P: The physician’s understanding of the patient's BP, allergies, prescribed drugs, etc. must all be correct and up to date for this patient.
➢ S: The student wants historically accurate information from primary sources where possible.
➢ C: The consumer wants the description and price of the book to be accurate
Integrity means that Information is Correct with respect to what it purports to be
➢ When personal information is maintained incorrectly by a service provider (for example, a loan has been repaid but this is not noted in the customer’s credit rating)
➢ When information is changed by an entity that does not have the authority to do so – can be malicious (thus constituting an origin and data integrity violation)
➢ Libel/defamation
➢ Incorrect source citation
➢ Integrity violations can be prevented but that is more difficult than simply detecting them.
Examples of Integrity Violation
➢ P: A physician might look up a patient record prior to an examination. She needs the record now.
➢ S: A student wants information about the Holocaust for a research paper. Since he waited until the last minute it is important that the web sites are “up”.
➢ C: A consumer wants to purchase a book on Amazon.com
Availability means that Information is Available to the user when the user wants it
➢ Denial of Service (DOS) attacks in:
  ➢ E-commerce, News sites, Government information, Remote electronic voting
➢ DOS Attacks can occur at one of several points
  ➢ At the origin (preventing server from accessing resources required to send info.)
  ➢ At the destination (blocking communication from server)
  ➢ At an intermediate path (by dropping communication from either origin or destination)
➢ DOS attacks can be difficult to detect because system behavior might be due to genuine system overload
Examples of Availability Violation
2. Threat, Vulnerability, Risk, and Countermeasure Model
➢ A threat agent attacks a vulnerability resulting in a risk of loss.
➢ Threats, Vulnerabilities and Countermeasures all interact to affect the level of risk
➢ Countermeasure should mitigate (reduce) the Risk of Loss, by, e.g.:
  ➢ Eliminating the threat (Kill all the wolves)
  ➢ Eliminating the vulnerability (Build a brick house)
  ➢ Increasing the cost of attack (Make yourself poisonous to wolves)
Threats, Vulnerabilities, Risks and Countermeasures
[Diagram: Threat, Vulnerability, Risk and Countermeasures]
Threat: An intent to do harm
➢ May refer to the threat agent (e.g., a terrorist, a fire, a tornado)
➢ Sometimes the word “threat” is mixed with
  ➢ The risk: e.g., Threat of financial loss
  ➢ The mechanism: e.g., threat of denial of service or threat of message interception
➢ A threat consists of:
  ➢ Threat Agent (individual or group)
  ➢ Means (e.g. resources and organization)
  ➢ Intent (plan to carry out attack)
➢ Risk represents the negative consequence of a threat acting on a vulnerability
  ➢ A company loses $100k due to online bank fraud
  ➢ A company loses $1M in sales because its web site is unavailable
  ➢ A company’s common shares lose $1b because of the negative publicity as a consequence of its ineffective response to a security breach
  ➢ A Virus wipes out a student’s thesis and the student does not have a backup disc and thus learns the lesson “to backup is divine”.
Risks to Information Security
➢ Information Security is ultimately about risk management.
➢ Understand what information is important to yourself or your organization and what is its value
➢ Understand the who-what-when-where of access to the information
➢ Make an informed decision about how much to invest to protect the assets based on their value and the financial risk associated with their loss.
Enterprise Risk Management
➢ What assets need protection
➢ What financial risk the enterprise will incur if it fails to protect the asset adequately
➢ How much it will cost to protect the asset
➢ What is the “residual risk”, that is the risk that remains after performing mitigation actions?
Risk Analysis is a process that helps the Enterprise to understand
➢ Government institutions and regulated business (e.g., financial and healthcare) are required by law (many laws actually!) to implement some security (e.g. PCI DSS for credit cards, HIPAA for healthcare, etc.)
➢ Many parts of the private sector have fewer regulatory and legal mandates for cybersecurity although that is changing
  ➢ Driven by shareholder value/stock price
  ➢ Security is viewed as an expense with no clear revenue gain.
➢ Implementing security must always balance the cost with the benefit.
Cost vs. Benefits
➢ Examples of Resource Mis-allocation
➢ Purchasing an alarm system for $500,000 to protect a $100,000 town house
➢ Spending $200,000 on a Security Event Management System to protect information assets that are worth only $50,000
➢ Spending $500,000 on a state of the art Intrusion Prevention System but failing to invest opex in training and ongoing operation and maintenance
It is Possible to Overspend/Misspend
➢ Identify the threats to enterprise assets
➢ Identify the vulnerabilities that are exploitable by the threats
➢ Measure/assess the risk of the threat exploiting the vulnerability
➢ Identify countermeasures and the corresponding amount of risk mitigation as a consequence of the application of those countermeasures
➢ Measure the residual risk to the enterprise after risk mitigation
The Process For Risk Assessment
➢ Can you really determine the degree and source of the threat?
➢ Can you find all the vulnerabilities?
➢ How do you measure risk?
➢ What does the countermeasure cost and how much risk will it remove?
Problem Areas for Risk Management
➢ Risk = Expected Value of Loss.
➢ Given threats t, vulnerabilities v and random variable N(t, v) that t exploits v N times during some defined time frame, for example over a one year period, and the probabilistic mean of N is E(N(t, v))
and
➢ Given that the financial loss L resulting from t exploiting v is L(t, v), then
$$\text{Risk} = \sum_{(t,v)} E(N(t,v)) \cdot L(t,v)$$
Measuring Risk
➢ Annual Rate of Occurrence (ARO)
  ➢ E(N(t, v)) = 12 times per year
and
➢ Single Loss Expectancy (SLE)
  ➢ L(t, v) = $50,000
then
$$\text{Annual Risk} = \sum_{(t,v)} E(N(t,v)) \cdot L(t,v) = 12 \cdot \$50{,}000 = \$600{,}000$$
This is Annual Risk, also referred to as the Annual Loss Expectancy (ALE)
Measuring Risk - An Example with some additional definitions
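The Risk = Σ E(N(t, v))·L(t, v) calculation, carried through to the residual risk and cost-versus-benefit questions from the Risk Analysis and overspending slides, as an added C example that is not part of the original deck. The first register entry uses the slide's ARO of 12 and SLE of $50,000; the second entry, the mitigation fractions, the control costs and the assumption that a countermeasure lowers the rate of occurrence are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* One (threat, vulnerability) pair in a risk register. */
struct exposure {
    const char *name;
    double aro;           /* E(N(t,v)): expected exploits per year */
    double sle;           /* L(t,v): loss per exploit, in dollars */
    double mitigation;    /* assumed share of occurrences the control stops, 0..1 */
    double control_cost;  /* assumed annual cost of the control, in dollars */
};

/* Annual Loss Expectancy for one pair: E(N(t,v)) * L(t,v). */
double ale(const struct exposure *e)
{
    return e->aro * e->sle;
}

/* Risk that remains after the control is applied (residual risk). */
double residual_ale(const struct exposure *e)
{
    return e->aro * (1.0 - e->mitigation) * e->sle;
}

/* Risk removed per year minus what the control costs per year. */
double net_benefit(const struct exposure *e)
{
    return ale(e) - residual_ale(e) - e->control_cost;
}

/* Risk = sum over all (t,v) pairs of E(N(t,v)) * L(t,v). */
double total_risk(const struct exposure *reg, size_t n)
{
    double sum = 0.0;

    for (size_t i = 0; i < n; i++)
        sum += ale(&reg[i]);
    return sum;
}

/* Sum of the residual risk over the whole register. */
double total_residual(const struct exposure *reg, size_t n)
{
    double sum = 0.0;

    for (size_t i = 0; i < n; i++)
        sum += residual_ale(&reg[i]);
    return sum;
}

/* Number of entries whose control costs more than the risk it removes. */
size_t count_overspend(const struct exposure *reg, size_t n)
{
    size_t count = 0;

    for (size_t i = 0; i < n; i++)
        if (net_benefit(&reg[i]) < 0.0)
            count++;
    return count;
}

/* Constructed sample register; only ARO 12 and SLE $50,000 come from the slide. */
static const struct exposure SAMPLE[] = {
    { "slide example: ARO 12, SLE $50,000", 12.0, 50000.0, 0.75, 100000.0 },
    { "low-value asset, expensive control",  0.5, 50000.0, 0.50, 200000.0 },
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

int main(void)
{
    for (size_t i = 0; i < SAMPLE_LEN; i++)
        printf("%-38s ALE $%.0f  residual $%.0f  net benefit $%.0f\n",
               SAMPLE[i].name, ale(&SAMPLE[i]), residual_ale(&SAMPLE[i]),
               net_benefit(&SAMPLE[i]));
    printf("total risk $%.0f, residual $%.0f, overspent controls: %zu\n",
           total_risk(SAMPLE, SAMPLE_LEN), total_residual(SAMPLE, SAMPLE_LEN),
           count_overspend(SAMPLE, SAMPLE_LEN));
    return 0;
}
```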
➢ Historically, risk estimators thought they could do this
  ➢ Annualized Loss Expectancy
  ➢ FIPS PUB 31 Guidelines for Automatic Data Processing Physical Security and Risk Management, 1974.
➢ In reality, however, it is often very difficult to assign meaningful values for P(t, v) and L(t, v).
  ➢ What is the true value of information?
  ➢ How do you determine the frequency of occurrence of a successfully exploited vulnerability?
➢ Providers of cyber-risk insurance are developing/improving actuarial information bases to quantify cyber-risks
➢ As the Cyber-risk insurance market matures risk models will become more accurate in their predictive capability
This is not so easy to quantify
➢ Not necessarily
  ➢ Some entity has to exploit the vulnerabilities
➢ Are there any threats?
➢ What are threats and vulnerabilities anyway?
Does the presence of Vulnerabilities imply that there is a material risk?
3. Threats
➢ Disclosure
  ➢ Snooping
➢ Deception
  ➢ Modification, spoofing (masquerading, identity theft), repudiation of origin, denial of receipt
➢ Disruption
  ➢ Modification
➢ Usurpation: unauthorized control
  ➢ Modification, spoofing, delay, denial of service
Threats Classified by Potential Security Violation
➢ Delay of access
➢ Denial of access
➢ Destruction
➢ Disclosure
➢ Modification
Threat Impacts on Information
➢ Threat types are not mutually exclusive and they can be natural or man-made.
  ➢ Managers must act to mitigate risks no matter what the source.
➢ The threat agent somehow acts to delay the delivery or execution of information services
  ➢ A natural disaster cutting power or damaging a facility
  ➢ A malicious hacker interfering with the network
  ➢ A disgruntled employee deliberately slowing a critical enterprise workload thereby reducing throughput
Delay
➢ An extreme form of Delay, where information services are unavailable for an extended period of time
  ➢ A “Distributed Denial of Service” (DDOS) Attack
  ➢ An animal falling into electrical equipment and thereby taking out a part of the power grid
  ➢ An earthquake
Denial
➢ Information or resources are completely destroyed.
  ➢ A Catastrophic fire, earthquake, tornado, etc.
  ➢ A computer virus reformatting the hard drive
  ➢ A hacker deleting files.
Destruction
➢ The classic INFOSEC threat. Exposing sensitive information to unauthorized persons
  ➢ Military context: “Loose lips sink ships”
  ➢ An actor’s medical data exposed to the National Enquirer
  ➢ Consumer credit card numbers exposed to criminal hackers
  ➢ Information ex-filtration
Disclosure
➢ The unauthorized changing of information.
  ➢ Possibly one of the more insidious problems as you may not be aware of it as it is happening.
  ➢ A medical record incorrectly changed to show no penicillin allergy.
  ➢ Geographic data subtly changed resulting in mission failure.
Modification
➢ Insiders used to be considered the primary threat. This is changing
Insider Threat
4. Vulnerabilities
➢ Vulnerabilities are “weaknesses” in the target that allow the threat agent to act
➢ Software flaws (e.g. buffer overflow)
➢ Weak or no passwords
➢ Incorrectly configured perimeter protection (firewalls)
➢ Poorly trained staff
➢ Human susceptibility to Social Engineering
Vulnerabilities to Computers and Networks
➢ Most common is the “buffer overflow” flaw
Software Flaws
[Diagram: Buffer (input bits 1 to 1024); label: Code contained in this area]
Programmer expected 1024 input bits but fails to design the software to incorporate a safety (bounds) check.
➢ Most common is the “buffer overflow”
Software Flaws
[Diagram: input bit stream running past bit 1024 of the buffer]
Attacker feeds >>> 1024 input bits and fills this area with attacker’s own executable code
Buffer Overflow
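The missing bounds check from the two “Software Flaws” slides, modelled in C as an added example (not from the presentation): the names `region`, `copy_unchecked`, `copy_checked` and `damage_after`, the 16-byte adjacent area and the input bytes are all constructed for illustration. The overflow is simulated inside a single array so the program stays well defined.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_BYTES 128  /* 1024 bits: the input size the programmer expected */
#define ADJ_BYTES 16   /* constructed stand-in for the memory after the buffer */

/* Constructed model of the slide: the buffer, then an adjacent area. */
struct region { unsigned char mem[BUF_BYTES + ADJ_BYTES]; };

/* Flawed copy: trusts the caller's length. The cap at the region size exists
   only so this model stays well defined; real flawed code has no such cap. */
static void copy_unchecked(struct region *r, const unsigned char *in, size_t n)
{
    if (n > sizeof r->mem) n = sizeof r->mem;
    memcpy(r->mem, in, n);
}

/* Hardened copy: the bounds check the slide says was left out. */
static int copy_checked(struct region *r, const unsigned char *in, size_t n)
{
    if (n > BUF_BYTES) return -1;  /* reject oversized input, write nothing */
    memcpy(r->mem, in, n);
    return 0;
}

/* Feed n input bytes through one path; return how many adjacent bytes changed. */
size_t damage_after(int checked, size_t n)
{
    struct region r;
    unsigned char input[BUF_BYTES + ADJ_BYTES];
    size_t i, damaged = 0;
    memset(r.mem, 0x00, BUF_BYTES);
    memset(r.mem + BUF_BYTES, 0xAA, ADJ_BYTES);  /* marker for the adjacent area */
    memset(input, 0x41, sizeof input);           /* constructed input bytes */
    if (n > sizeof input) n = sizeof input;
    if (checked) (void)copy_checked(&r, input, n);
    else copy_unchecked(&r, input, n);
    for (i = BUF_BYTES; i < sizeof r.mem; i++)
        if (r.mem[i] != 0xAA) damaged++;
    return damaged;
}

int main(void)
{
    printf("unchecked, 136 bytes in: %zu adjacent bytes changed\n", damage_after(0, 136));
    printf("checked,   136 bytes in: %zu adjacent bytes changed\n", damage_after(1, 136));
    return 0;
}
```

Input that fits the buffer leaves the adjacent area untouched on both paths; only the path without the length check lets oversized input spill into it.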
5. Security Policies and Security Mechanisms
➢ A Security policy says what is, and is not, allowed
➢ This defines “security” for the site/system/etc.
➢ Can be in natural/machine-readable language, or within a mathematical framework
➢ A Security mechanism (technical or procedural, can use crypto) enforces policies. Also referred to as Controls.
➢ Composition of security policies
➢ If policies conflict, discrepancies may create security vulnerabilities
Policies and Mechanisms
➢ It is important to understand the difference between the two concepts.
➢ Policy -> What
➢ Mechanism -> How
➢ An example
➢ Assuring Confidentiality is a policy statement
➢ Alternative mechanisms to support confidentiality
➢ Encryption of the information
➢ Physical protection of the information
Policy vs. Mechanism
➢ In the real world most security mechanisms are broad
➢ The desired goal is for the collection of all the mechanisms in a system to define a “precise” overall mechanism
How about Security Mechanisms in the Real World?
➢ Each mechanism should be designed to implement a part or parts of the policy
➢ The union of all the mechanisms should implement all of the policy
➢ The mechanisms must be implemented correctly
➢ The mechanisms must be installed, configured and administrated correctly
In order To Trust Security Mechanisms:
➢ Monitoring and management systems and tools
➢ Intrusion detection systems and tools
➢ Encryption of data
➢ Anti-tamper mechanisms (e.g. cryptographic hash)
➢ Identification and authentication
➢ Firewalls and proxy servers
➢ Software virus detection tools
➢ Fault tolerant networks and components
➢ Vulnerability scanning tools
➢ Security policies procedures
➢ Secure software development tools
Examples of Security Mechanisms
6. Specific Countermeasures
Conceptual Foundations for Infosec Best Practice =>Defense In Depth
Defense in Depth
[Diagram: Internet, WAN, LANs and workstations, with four protection layers labelled: Protect the OS, Protect the Communications, Protect the Interface, Protect the Physical Environment]
➢ Need to protect
➢ Information in transit
➢ Information at rest
Mobility vs Security
➢ User mobility significantly increases the complexity of securing information assets
Lockheed-Martin Cyber Kill Chain Model
[Figure: Remediation Cost scale, from Lowest to Highest]
➢ Monitoring and management systems
➢ Intrusion and misuse detection systems
➢ Identification and authentication systems
➢ Firewalls and proxy servers (for both inbound AND outbound connection activity)
➢ Software virus detection systems
➢ Fault/failure tolerant network design
➢ Application gateways
➢ Email spam filtering systems
Systems, Technologies, and Protocols for Protecting the Enterprise Boundary
➢ Monitoring and management systems and tools
➢ Intrusion detection systems
➢ Encryption of data (at rest and in transit)
➢ Anti-tamper mechanisms (cryptographic hashes)
➢ Fault tolerant network design (e.g. Hot Standby Router Protocol – HSRP)
➢ Virtual LAN (VLAN) isolation
➢ Microsoft AD Domain isolation
Systems, Technologies, and Protocols for Protecting the Network Infrastructure
➢ Monitoring and management systems
➢ Intrusion and misuse detection systems
➢ Identification and authentication
➢ Software virus detection tools
➢ Vulnerability scanning tools
➢ Security procedures
➢ Secure software development tools
➢ Fault tolerant components
Systems, Technologies, and Protocols for Protecting the Computer Environment
01: Inventory of Authorized and Unauthorized Devices
02: Inventory of Authorized and Unauthorized Software
03: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
04: Continuous Vulnerability Assessment and Remediation
05: Malware Defenses
Council on Cybersecurity - Critical Security Controls - Version 5
06: Application Software Security
07: Wireless Access Control
08: Data Recovery Capability
09: Security Skills Assessment and Appropriate Training to Fill Gaps
10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
11: Limitation and Control of Network Ports, Protocols, and Services
12: Controlled Use of Administrative Privileges
13: Boundary Defense
14: Maintenance, Monitoring, and Analysis of Audit Logs
15: Controlled Access Based on the Need to Know
16: Account Monitoring and Control
17: Data Protection
18: Incident Response and Management
19: Secure Network Engineering
20: Penetration Tests and Red Team Exercises
Against
➢ Confidentiality
➢ Integrity
➢ Availability
➢ Proof of Origin/Receipt
Summarizing – A View from 30,000 feet
Mechanisms (AKA Countermeasures)
➢ Encryption
➢ Authentication
➢ Physical Security
➢ Hardware Protection
➢ Software Protection
➢ Administrative Protection
7. The role of trust in Information Security
➢ We really can’t do that precisely.
➢ We talk about assurance as a measure of trust, but that only transfers the problem
➢ Consider food product safety where trust is achieved by means of a collection of methods, practices, etc.:
➢ Testing and certification
➢ Manufacturing standards
➢ Safety seals
How do we measure trust?
➢ All security policies and mechanisms have assumptions
➢ Sometimes these are explicit
➢ Sometimes these are implicit
➢ Example: Locks and picks
➢ Universal assumptions
➢ The policy can correctly and unambiguously partition the policy universe into “secure” and “non-secure” states.
➢ The mechanism can enforce the policy
Neither of these assumptions is necessarily valid in every case
Trust Assumptions
Underlie all aspects of security, we assume that:
➢ Policies
➢ Unambiguously partition system states into those which are secure and nonsecure
➢ Correctly capture security requirements
➢ Mechanisms
➢ Together enforce/implement policy (i.e. prevent entry into a nonsecure state)
➢ Are implemented, installed and administered correctly
Trust Assumptions
8. Assurance
What assurance do we have that a system can be trusted?
➢ First: The specification
➢ Arises from a requirements analysis
➢ Is a statement of desired functionality
➢ Second: The design
➢ How system will meet specification?
➢ Third: The implementation
➢ Programs/systems that carry out design
➢ Difficult to prove correctness of implementation
All of the above affect the level of trust we will have in the system
Assurance
9. Operational Issues
➢ Cost-Benefit Analysis
➢ Is it cheaper to prevent or recover?
➢ Risk Analysis
➢ Should we protect something?
➢ How much should we protect this thing? (What is the likelihood of a successful attack?)
➢ Laws and Customs
➢ Are the desired security measures illegal or unethical thereby limiting their utility?
➢ Will the enforcers perform them?
Operational Issues
10. Human Issues
➢ Organizational Problems
➢ Power and responsibility
➢ Financial benefits
➢ People problems
➢ Outsiders and insiders
➢ Social engineering attacks
Human Issues
➢ Sharing passwords
➢ “Social engineering”
➢ Maintenance
➢ Failure to update computer virus signatures
➢ Failure to install patches
The People Problem
11. Sources of Additional Information
Sources of Additional Information
➢ SANS Institute - Internet Storm Center http://isc.sans.org/diary.html?storyid=7027
➢ SANS Institute – Critical Security Controls https://www.sans.org/critical-security-controls/
➢ US Computer Emergency Response Team (US-CERT) https://www.us-cert.gov/
➢ Krebs on Security http://krebsonsecurity.com/
Thank You!
The Evolution of DAS Ownership
Panelists
Dennis Rigney, Vice President of Sales, SOLiD
Presented by SOLiD
Chief Alan Perdue, Executive Director, Safer Building Coalition
Mike Collado, Vice President of Marketing, SOLiD
Pete Dawson, Strategy, Research and Design Engineering, Sprint
David Fox, Director of Business Development, American Tower
Moderator
NEDAS Toronto: The Art of Development
September 29th
What’s Up Next?
Location
• Venue – 2nd Floor Events 461 King St W Toronto, ON M5V 1K4
• Hotel Room Block
– Toronto Marriott Eaton Centre Hotel
Who Should Attend?
Public Safety
Construction Engineer Manufacturing Engineer
Legal Telecommunications Vendors
Finance Real Estate
Government & City Officials Architects
Carriers
Engineer
• Create new opportunities
• Relationship and business development
• New tools and resources to enhance business opportunities
Theme: The Art of Development
• 125+ Attendees
• Half-day full of panel discussions
• Meet and greet networking reception
• Exhibits and Table Top Displays
• NEDASConnect App *NEW*
What Can You Expect?
• Reach over 4,000+ industry connections
• Limited sponsorship opportunities include:
– *Exclusive NEDASconnect App
– Marketing tabletop/exhibits
– Charging station
– And more!
• Contact: [email protected]
Sponsorship Opportunities
For more information visit: www.nedas.com
#NEDASBoston and now
#NEDASToronto