nedas boston workshop presentations - july 15, 2015

NEDAS Boston Workshops & Social District Hall

Wednesday, July 15, 2015

#NEDASBoston

Interference HunCng: Tools and Service SoluCons

Presenters

Marc Nguessan SeeWave Product Manager

James Zik Vice President, Product

Management and Management

Presented by PCTEL

3

James Zik, VP Product Management Marc Nguessan, Product Manager

July 15, 2015

NEDAS Interference Hun8ng Workshop

❑ Introduction ❑ Why is Interference a Problem? ❑ Six Case Studies

❑ Interference Mechanisms ❑ Important Considerations ❑ Summary

4

Agenda

5

PCTEL delivers Performance CriCcal Telecom soluCons for public and private wireless networks. Connected Solu8ons™ designs and delivers performance criCcal

antennas and site soluCons for wireless networks globally. Our antennas support evolving wireless standards for cellular, private, and broadband networks. RF Solu8ons develops and provides test equipment, soPware, and engineering services for wireless networks. The industry relies upon PCTEL to benchmark network performance, analyze trends, and opCmize wireless networks.

Performance Critical Telecom:

6

Network Engineering Services Expert Knowledge, Exceptional Tools Provides wireless network services with an emphasis on in-building DAS. ✓  Network Benchmarking ✓  Baseline Testing ✓  CW Testing ✓  Design ✓  Commissioning ✓  Optimization ✓  Acceptance ✓  Interference Mitigation ✓  Consulting

Carriers

Neutral Host

OEMs

Integrators

PCTEL Customers

Why is Interference a Problem?

9

What is interference? ❑ Interference is an unwanted RF signal (in the cellular frequencies) caused by numerous electronic sources (including harmonics) that negaCvely affect mobile communicaCon What frequencies are most affected by interference? ❑ Interference can affect all mobile bands, but is a larger issue at the lower frequencies (300 to 900 MHz) due to the RF propagaCon of these frequencies. Higher frequencies (approx. >1700 MHz) are disposed to be more line-‐of-‐sight and more easily reflected with low penetraCon into buildings

Why is LTE more affected by interference? ❑ LTE is more affected by interference since LTE networks offer higher spectral efficiency in bits per second per Hz, but require higher levels of SINR to achieve that performance

vs

2600 MHz 700 MHz

Interference

LTE Networks Effects – Signal to Interference/Noise Ratio (SINR) ❑ SINR: Critical Measurement quantifying the relationship between RF conditions and throughput ‒ VoLTE requires high SINR (target >12 dB) or will result in dropped calls or uses high percentage of network bandwidth ‒ MIMO is ineffective with low SINR levels, requires high SINR (10-20 dB)

Customer Experience Effects

❑ Video Pixilation ❑ Poor voice quality ❑ Dropped calls/sessions ❑ Low data throughput ❑ Latency due to retransmission

Business Effects (Lost Revenue)

❑ Poor quality-of-service ❑ Customer churn

10

Problems Interference Causes

❑  US Mobile Operator Customer Attrition*

❑  Low network quality/speed of services is largest reason for attrition (12% in the previous year of the study i.e. normalized to a full yr: 6%) ➢  (100M customers * 6% churn (normalized) * 35% low QoS * $600/ARPU/year *

90% RAN issues) = $1.1B problem (year 1)

30%

35%

26%

*Ovum Report “Who Cares Wins” commissioned by Tektronix - Feb. 2014.

Why is Interference Abatement Important?

❑ Spectrum clearing when new or re-farmed spectrum becomes available ‒ Mobile operators must clear both uplink and downlink interference sources before network turn-up for any band

❑ DAS Verification, DAS Commissioning ❑ In-service interference that is affecting the quality-of-service of the network (uplink)

12

When do You Test for Interference?

Uplink In-service Interference ❑ Mobile operators search for uplink interference when base station Received Total Wideband Power (RTWP) reports a quality affecting level at base station (LTE) ❑ Customers report problems in an area ❑ Uplink more sensitive to interference due to mobile transmission restrictions (+23 dBm UE i.e. 0.2 Watts)

Downlink In-service Interference

❑ Downlink QoS issues are not as common from external interference sources, unless interferer is extremely powerful (sometimes with passive intermodulation), since the high powered signal from tower typically masks downlink interference sources

13

LTE eNB Tx Power: +45 dBm Rx Sensitivity: -123 dBm -102 to -105 dBm causes interference

LTE UE Tx Power: +23 dBm Rx Sensitivity: -95 dBm

Mobile Networks In-service Sensitivity

Six Case Studies

14

15

Lights Out (700, 1900 and AWS bands) Extremely high uplink noise levels discovered during DAS Commissioning

Interference found to occur only during day time and early evening

Case Study #1 – Newark, DE Sept 2014

16

SeeWave pointing away from interference source

SeeWave pointing toward the interference source

Interference locating in one particular section of the mall ❑  Interferer not found during DAS System Verification since done in the middle of

the night ❑  Building owner agreed to replace 50 halogen light bulbs

Interferer: Halogen Light Bulbs

Case Study #1 – Newark, DE Sept 2014

17

Work in Progress (700, 850 bands) Extremely high uplink noise levels discovered during DAS System Verification (-95 to -85 dBm)

Interference found to occur only during day time and early evening in a small section of the mall

Case Study #2 – Denver, CO July 2015

18

Spectrum Analyzer near Source

Awaiting permission to enter OshKosh B’gosh Store to test lights or other potential sources

Suspected Interferer: Lighting

Case Study #2 – Denver, CO July 2015

19

Uber Boomer (1900 band) Tier One operator reports intermittent -75 dBm Received Total Wideband Power KPI on uplink and customer complaints on uplink (both in-building and outdoors)


SeeWave pointing toward the interference source

Case Study #3 – Maryland Suburbs (near Washington DC) June 2015

20

DoD representa8ve claimed to have recently installed a DAS system ❑  Unusual for DAS system to cause outside interference of -‐75 dBm, 1 mile away ❑  Classified buildings oPen don’t allow cell phone usage ❑  DAS systems are always on, not only for 5 hours a day, a couple Cmes a week ❑  Immediately agreed to permanently turn of their “DAS System”

Conclusion of Interferer type: Military Experiment

Interference Source: Classified Defense Contractor Building

Case Study #3 - Maryland Suburbs (near Washington DC) June 2015

The Pope is Calling (and we listened) (850 band) Tier One installs Cellular on Wheels (COWs) at Quito Airport to cover increased Cellular traffic for the Pope’s visit (both indoor and outdoor) and the system was barely useable due to high noise floor

Mobile Operator’s COW (the one working with PCTEL) turned off for test

Competitor Mobile Operator’s COW (powered on)

Case Study #4 – Quito, Ecuador July 2015

22

SeeWave poin8ng away from interference source Low Noise floor

SeeWave poin8ng towards interference source High Noise floor

Compe8tor’s COW was interfering with uplink in the -‐95 to -‐100 dBm ❑  Adjustments needed to be made on compe8tors COWs ❑  Only authorized to place COWs in this loca8on

Interferer: COW

Case Study #4 – Quito, Ecuador July 2015

SeeWave poin8ng away from interference source

Case Study #5 - San Francisco, CA Oct 2014

23

SeeWave poin8ng toward interference source

Lost my Signal in San Francisco Tier One operator reports quality affecCng Received Total Wideband Power KPI on uplink

Case Study #5 -‐ San Francisco, CA Oct 2014

BTS signal leaking into another carrier’s spectrum Conclusion on Interferer type: Faulty BTS/BTS infrastructure 24

Case Study #5 - San Francisco, CA Oct 2014

25

Billboard Torture (700 band) Tier One optimization engineer finds very low SINR from drive test analysis


SeeWave pointing towards interference source

Case Study #6 – Nashville, TN Nov 2014

26 Digital Billboard employs wireless radio device for upda8ng billboard

Interferer type: Wireless Radio Device on Digital Billboard

Case Study #6 – Nashville, TN Nov 2014

Interference Mechanisms

27

❑ Modulated Sources ❑ Un-modulated Sources ❑ Harmonics ❑ Passive intermodulation (PIM) ❑ Repeaters/BDAs ❑ Intentional Interference

28

Interference Types

❑ Devices intended to transmit RF signals ❑ Unwanted interference occurs when these devices are malfunctioning or are operated improperly (usually narrowband signals) ❑ Compliant RF transmitters may create interference from harmonics, intermodulation, etc. ❑ Common sources of modulated interferers include: ‒ Unplugged Cable TV Output

29

Modulated Sources

❑ Un-‐modulated sources of interference are created from electric devices that unintenConally create RF signals ‒ ConCnuous Noise ‒ Impulse Noise

❑ Common sources of conCnuous noise include: ‒ Electric Motors ‒ Ballast in neon lighCng ‒ Faulty transformers ‒ Security and infrared Cameras ‒ Vehicle igniCon systems ‒ Baby Monitors

30

LTE Noise floor raised by electric

motor

Un-Modulated Sources

❑ Impulse Noise from un-‐modulated sources are created when the electricity flow is turned on and off

❑ Common sources of impulse noise include:

‒ Electric Motors (elevators, manufacturing plants, farms, etc.)

‒ Electric Fences ‒ Welding

‒ Parking Gates ‒ Wireless Speakers

‒ Arcing power lines ‒ Light dimmers

‒ Lightning suppression devices ‒ Commercial baking ovens

‒ Beacons on top of cell towers ‒ Garage door openers ‒ TV remotes

31

Un-Modulated Sources

❑ A harmonic is a mulCple of the RF carrier (fundamental frequency) ‒ A 750 MHz frequency can produce harmonics at 1500 MHz, 2250 MHz, 3000 MHz, etc.

❑ Legal large powered transmikers (megawak) can produce a 1 Wak third harmonic ‒ TV transmikers of 570 to 585 MHz (channels 30 – 33) can cause problems on E-‐UTRA 4 (AWS) uplink (1710 – 1755 MHz) band if the AWS sector is close to the TV transmiker

32

925 MHz harmonic from a 462.5 MHz 2-way

radio

Harmonics

❑ Cellular repeater or bidirectional amplifiers ‒ Used to extend in-building cellular coverage or coverage in areas with marginal coverage ‒ Interference caused by malfunctioning BDAs or retransmission of undesirable signals at the BDA’s input

‒ Common source of interference, but difficult to locate

33 BDA

Amplifier

Dome Antenna

In-Building Repeater

Repeaters/BDAs

❑ Two or more strong signals combine appearing as a nonlinear transmimng device ‒ Can cause numerous interferers from the addiCon and subtracCon of fundamental frequencies with harmonics

❑ OPen called the “rusty bolt” effect ‒ MaCng of 2 metal objects can create a recCfier effect when corrosion is present ‒ Generates spurious signals that are radiated by the connected metal objects

❑ Common sources Rusty bolts, fences or barn roofs ‒ Corroded rooPop air condiConers ‒ Improperly connected or loose/dirty connectors in the cell tower antenna feed line ‒ Cell tower guy lines ‒ UClity poles or wires, rain gukers 34

Passive Intermodula8on

❑ OPen located in shopping malls, restaurants, schools, military bases

❑ Sources can be mobile (cars, trains, etc.)

❑ Civilian use is illegal ❑ Typically easy to idenCfy ‒ Strong constantly-‐on signal ❑ Usually raises noise floor

35

Jammer

Inten8onal Interference

Important Considera8ons

36

37

Scan Setup

Dual Scan Spectrum Analysis with Playback •  Scan uplink and downlink for spectrum

clearing simultaneously •  Set up separate scans for looking at harmonics

Spectrogram Waterfall Isolates Intermiaent Interferers

Map with Triangula8on Locates Source of Interference

-‐ Ergonomics -‐ Use of COTS Antennas (n-‐type conn.)

Spectrum Analysis Considera8ons

DF Antenna Radiation Patterns (typical) ❑ Many users tilt antenna on a 45 deg angle

38 Elevation (Vertical) Azimuth (Horizontal)

Antenna Angle

39

Mul8path ❑  MulCpath occurs when radio signals from one source reach the

receiving antenna via two or more paths ‒  Caused by reflecCons or refracCons off of bodies of water or

objects including building and mountains ‒  Very common in urban canyons

Mi8ga8on ❑  Find a locaCon away from buildings and metal objects

‒  Building roof ‒  Away from metal objects including vehicles

❑  When finding a good locaCon is not possible ‒  Go to an intersecCon and point antenna in each the direcCon of

each intersecCng street ‒  Follow the street with the highest signal from the interferer Mul8path can severely complicate loca8ng the source of the interferer

Radio Wave Mul8path

Summary

40

41

❑  Verizon 700 MHz LTE cell site is latest vicCm of interference from fluorescent lights

❑  Time Warner Cable Experience Verizon LTE Interference in N.C. ‒  Time Warner Cable didn't take the steps to properly shield its boxes and/or cable system

❑  Florida teacher uses cellphone jammer to stop students’ texCng, draws a suspension

‒ 

Interference References

42

–  Interference can be a significant source of customer dissaCsfacCon of a mobile network resulCng in customer churn and lost revenue

–  External interference negaCvely affects LTE networks at lower signal levels than 2G and 3G technologies

–  Interference hunCng is an on-‐going process since new interferers are conCnually created

Summary

43

http://rfsolutions.pctel.com

[email protected] [email protected]

For free LTE and Interference posters, please visit PCTEL RF Solutions website:

Questions?

Thank you!

RF Data CollecCon & Remote Control/Monitoring Using WINd© SoluCon

Presenters

Nikhil Gogaté Senior Director of Global

Business Strategy

Luis Najera Product Support Specialist

Presented by Solutelia

Connect via Bluetooth to the PCTel ibFLex Scanner Perform: TopN, RSSI, CW or Blind Scan

WINd App

Seamless Integra8on

ibWave Mobile Planner

Integrated ibWave Mobile Planner support:

RF Data collec8on and Site Survey in one

WINd App

WINd Console Real Time

Console Remote View allows Real-‐Time Access and Control: live data stream

WINd Console Report Manager

KPI and Interval Reports

Summary with Indoor or Outdoor Plots

Console Reports allows near Instant:

Real-‐Time KPI, Interval and On-‐Site Post Reports

Achieving Confidence in Cyberspace: It’s All about Risk Management

Presenter

John Holmblad Cyber Security OperaIons specialist with the US

Senate and Professor at the University of Maryland University College

Achieving Confidence In Cyberspace => Its All About Risk Management

NEDAS Summer Social - Training

John B. Holmblad [email protected]

703 407 2278

➢ About You ➢ About your Instructor, that is me

NEDAS Summer Social Training Event July 15, 2015

©2015 Televerage International 62

Introductions

Company Size (Employees)

Number of you Today’s Audience

1 2-10 11-100 101-1,000 1,001-10,000 >10,000

➢ 1. Goals of information security ➢ 2. The Threat, Vulnerability, Risk, and

Countermeasure Model ➢ 3. Threats ➢ 4. Vulnerabilities ➢ 5. Security policies and security mechanisms ➢ 6. Specific Countermeasures ➢ 7. The role of trust ➢ 8. Assurance ➢ 9. Operational Issues ➢ 10. Human Issues ➢ 11. Sources of Additional Information



Today’s Agenda



1. Goals of Information Security

➢  Prevention ➢ Prevent attackers from violating security policy ➢ A potential negative side-effect is that elaborate prevention can

hamper legitimate use (e.g. DRM)

➢  Detection ➢ Detect attackers’ violation of security policy ➢ Typically required because prevention is not always successful

➢  Recovery ➢ Stop attack, assess and repair/remediate damage ➢ Continue to function correctly even if attack succeeds (a kind of fault

tolerance)



What are the Goals of Information Security

➢ Our lives are dominated by information. ➢ We want that information to be ➢ Available to us when we want it ➢ Correct with respect to what it purports to be ➢ Denied to those to whom it should not be available



We are an Information Driven Society

➢ Information ➢ Protecting information that is stored, transmitted or

viewed on or by means of a computer. ➢ Protecting information resources



What are we interested in protecting?

In short, Yes! ➢  Organizations are under attack from both inside and outside the

company ➢  A wide range of attacks are extant (“in the wild”) ➢  Cyber attacks result in serious financial loss and, in some cases,

complete failure of the enterprise ➢  The appropriate level of defense requires more than information

security technologies



Is there A Problem that Needs Solving?

➢  Our entire information infrastructure is rife with vulnerabilities at both the design and at the implementation level ➢ Design: e.g. BGP, 802.11 WEP ➢ Implementation: e.g. Adobe Flash, Internet Explorer

➢  Vulnerabilities are being routinely exploited ➢  We most often aren’t aware of the exploitation until it is too

late.



What are the Key Issues?

➢ What is the problem. ➢ Why we have a problem. ➢ What solutions are available to us.



To achieve/maintain security of our Information We Must Understand

➢  Confidentiality ➢ Keeping data and resources hidden

➢  Integrity ➢ Data integrity (integrity) ➢ Origin integrity (authentication)

➢  Availability ➢ having access to data and resources



Information Security Services - Basic Components

➢ Lets consider these security services from the perspective of :

➢ P: A Physician ➢ S: A Student ➢ C: A Consumer



Information Security Services - Basic Components

➢  P: Passers-by must not see the medical record; it is only for the physician

➢  S: Student grades are a private matter

between the instructor and the student. ➢  C: Only Amazon’s billing organization

should be able to see the consumer’s credit card number



Readable ONLY by those who are authorized to receive/view /process it

➢  Confidentiality may apply to the properties of information as well as the

information itself: ➢ not how many with H1N1 Flu in the neighborhood, but is there H1N1 Flu at all ➢ why does this employee want to know about jobs at other places? ➢ does a government agency maintain information on a particular citizen?

➢  Confidentiality of resources for storing/maintaining information

➢ what computer systems are used, what configurations, what high-end equipment is available



Confidentiality of Information Properties (aka Metadata)

➢  Interception: Secret voice communication between two parties that is intercepted

➢  Ex-filtration: Product cost data that is supposed to remain within

the enterprise but which is ex-filtrated to a competitor ➢  Theft: User credentials (e.g. passwords) which are stolen



Examples of Confidentiality Violation

➢  P: The physician’s understanding of the patient's BP, allergies, prescribed drugs, etc. must all be correct and up to date for this patient.

➢  S: The student wants historically accurate information from primary sources where possible.

➢  C: The consumer wants the description and price of the book to be accurate



Integrity means that Information is Correct with respect to what it purports to be

➢  When personal information is maintained incorrectly by a service

provider (for example, a loan has been repaid but this is not noted in the customer’s credit rating)

➢  When information is changed by an entity that does not have the

authority to do so – can be malicious (thus constituting an origin and data integrity violation)

➢  Libel/defamation ➢  Incorrect source citation ➢  Integrity violations can be prevented but that is more difficult than

simply detecting them.



Examples of Integrity Violation

➢  P: A physician might look up a patient record prior to an examination. She needs the record now.

➢  S: A student wants information about the

holocaust for a research paper. Since he waited until the last minute it is important that the web sites are “up”.

➢  C: A consumer wants to purchase a book on

Amazon.com



Availability means that Information is Available to the user when the user wants it

➢  Denial of Service (DOS) attacks in: ➢ E-commerce, News sites, Government information, Remote

electronic voting

➢  DOS Attacks can occur at one of several points ➢ At the origin (preventing server from accessing resources

required to send info.) ➢ At the destination (blocking communication from server) ➢ At an intermediate path (by dropping communication from

either origin or destination) ➢  DOS attacks can be difficult to detect because system behavior

might be due to genuine system overload



Examples of Availability Violation



2. Threat, Vulnerability, Risk, and Countermeasure Model

➢  A threat agent attacks a vulnerability resulting in a risk of loss. ➢  Threats, Vulnerabilities and Countermeasures all interact to

affect the level of risk ➢  Countermeasure should mitigate (reduce) the Risk of Loss, by, eg:

➢ Eliminating the threat (Kill all the wolves) ➢ Eliminating the vulnerability (Build a brick house) ➢ Increasing the cost of attack (Make yourself poisonous to

wolves)



Threats, Vulnerabilities, Risks and Countermeasures



Threat

And Countermeasures

Vulnerability

Vulnerability Risk



Threat: An intent to do harm

➢ May refer to the threat agent (e.g., a terrorist, a fire, a tornado)

➢ Sometimes the word “threat” is mixed with ➢  The risk: e.g., Threat of financial loss ➢  The mechanism: e.g., threat of denial of service or threat of message interception

➢ A threat consists of : ➢ Threat Agent (individual or group) ➢ Means (e.g. resources and organization) ➢ Intent (plan to carry out attack)

➢  Risk represents the negative consequence of a threat acting on a vulnerability

➢ A company loses $100k due to online bank fraud ➢ A company loses $1M in sales because its web site is unavailable ➢ A company’s common shares lose $1b because of the negative

publicity as a consequence of its ineffective response to a security breach

➢ A Virus wipes out a student’s thesis and the student does not have a

backup disc and thus learns the lesson “to backup is divine”.



Risks to Information Security

➢ Information Security is ultimately about risk management.

➢ Understand what information is important to yourself or your organization and what is its value

➢ Understand the who-what-when –where of access to the information

➢ Make and informed decision about how much to invest to protect the assets based on their value and the financial risk associated with their loss.



Enterprise Risk Management

➢ What assets need protection

➢ What financial risk the enterprise will incur if it fails to protect the asset adequately

➢ How much it will cost to protect the asset

➢ What is the “residual risk”, that is the risk that remains after performing mitigation actions?

NEDAS Summer Social Training

Event July 15, 2015 ©2015 Televerage International 86

Risk Analysis is a process that helps the Enterprise to understand

➢  Government institutions and regulated business (e.g., financial and healthcare) are required by law (many laws actually!) to implement some security (e.g. PCI DSS for credit cards, HIPAA for healthcare, etc.)

➢  Many parts of the private sector have fewer regulatory and

legal mandates for cybersecurity although that is changing ➢ Driven by shareholder value/stock price ➢ Security is viewed as an expense with no clear revenue gain.

➢  Implementing security must always balance the cost with the benefit.



Cost vs. Benefits

➢  Examples of Resource Mis-allocation

➢ Purchasing an alarm system for $500,000 to protect a $100,000 town house

➢ Spending $200,000 on a Security Event Management System to

protect information assets that are worth only $50,000 ➢ Spending $500,000 on a state of the art Intrusion Prevention System

but failing to invest opex in training and ongoing operation and maintenance



It is Possible to Overspend/Misspend

➢  Identify the threats to enterprise assets ➢  Identify the vulnerabilities that are exploitable by the

threats ➢ Measure/assess the risk of the threat exploiting the

vulnerability ➢  Identify countermeasures and the corresponding

amount of risk mitigation as a consequence of the application of those countermeasures

➢ Measure the residual risk to the enterprise after risk mitigation



The Process For Risk Assessment

➢ Can you really determine the degree and source of the threat?

➢ Can you find all the vulnerabilities?

➢ How do you measure risk?

➢ What does the countermeasure cost and how much risk will it remove?



Problem Areas for Risk Management

➢ Risk = Expected Value of Loss.

➢ Given threats t, vulnerabilities v and random variable N(t, v)

that t exploits v N times during some defined time frame, for example over a one year period and the probabilistic mean of N is E(N(t,v))

and

➢ Given that the financial loss L resulting from t exploiting v is L(t, v), then

Risk = Σ E(N(t, v))*L(t, v)



Measuring Risk

(t, v)

➢ Annual Rate of Occurrence (ARO) ➢  E(N(t,v)) = 12 times per year

and

➢ Single Loss Expectancy (SLE) ➢ L(t, v) = $50,000

then

Annual Risk = Σ E(N(t, v))*L(t, v) = 12*$50,000 = $600,000 This is Annual Risk also referred to as the Annual Loss

Expectancy (ALE) NEDAS Summer Social Training

Event July 15, 2015 ©2015 Televerage International 92

Measuring Risk - An Example with some additional definitions

(t, v)

➢  Historically, risk estimators thought they could do this ➢ Annualized Loss Expectancy ➢ FIPSPUB31 Guidelines for Automatic Data Processing Physical Security

and Risk Management, 1974.

➢  In reality, however, It is often very difficult to assign meaningful values for P(t, v) and L(t, v). ➢ What is the true value of information? ➢ How do you determine the frequency of occurrence of a successfully

exploited vulnerability?

➢  Providers of cyber-risk insurance are developing/improving actuarial information bases to quantify cyber-risks

➢  As the Cyber-risk insurance market matures risk models will become more accurate in their predictive capability



This is not so easy to quantify

➢ Not necessarily ➢ Some entity has to exploit the vulnerabilities

➢ Are there any threats?

➢ What are threats and vulnerabilities anyway?



Does the presence of Vulnerabilities imply that there is a material risk?



3. Threats

➢ Disclosure ➢ Snooping

➢ Deception ➢ Modification, spoofing (masquerading, identity theft),

repudiation of origin, denial of receipt ➢ Disruption ➢ Modification

➢ Usurpation: unauthorized control ➢ Modification, spoofing, delay, denial of service



Threats Classified by Potential Security Violation

➢ Delay of access ➢ Denial of access ➢ Destruction ➢ Disclosure ➢ Modification



Threat Impacts on Information

➢ Threat types are not mutually exclusive and they can be natural or man-made. ➢  Managers must act to mitigate risks no matter what the source.

➢ The threat agent somehow acts to delay the delivery or execution of information services ➢ A natural disaster cutting power or damaging a facility ➢ A malicious hacker interfering with the network ➢ A disgruntled employee deliberately slowing a critical

enterprise workload thereby reducing throughput



Delay

➢ An extreme form of Delay, where information services are unavailable for an extended period of time ➢ A “Distributed Denial of Service” (DDOS) Attack ➢ An animal falling into electrical equipment and thereby

taking out a part of the power grid ➢ An earthquake



Denial

➢ Information or resources are completely destroyed. ➢ A Catastrophic fire, earthquake, tornado, etc. ➢ A computer virus reformatting the hard drive ➢ A hacker deleting files.



0

Destruction

➢ The classic INFOSEC threat. Exposing sensitive information to unauthorized persons ➢ Military context: “Loose lips sink ships” ➢ An actor’s medical data exposed to the National Enquirer ➢ Consumer credit card numbers exposed to criminal

hackers ➢ Information ex-filtration



1

Disclosure

➢ The unauthorized changing of information. ➢ Possibly one of the more insidious problems as you may

not be aware of it as it is happening. ➢ A medical record incorrectly changed to show no penicillin

allergy. ➢ Geographic data subtly changed resulting in mission failure.



2

Modification

➢ Insiders used to be considered the primary threat. This is changing



3

Insider Threat



4

4. Vulnerabilities

➢ Vulnerabilities are “weaknesses” in the target that allow the threat agent to act

➢ Software flaws (e.g. buffer overflow)

➢ Weak or no passwords

➢ Incorrectly configured perimeter protection (firewalls)

➢ Poorly trained staff

➢ Human susceptibility to Social Engineering



5

Vulnerabilities to Computers and Networks

➢ Most common is the “buffer overflow” flaw



6

Software Flaws

1…………….………….1024 1010100101…1010………1

Programmer expected 1024 input bits but fails to design the software to incorporate a safety (bounds) check.

Code contained in this area

Buffer

➢ Most common is the “buffer overflow”



7

Software Flaws

1…………….………….1024 1010100101…1010………111011101010010110000100010101001000100100111110101010100101000001111010110100101110101000111101010101011101001111000000000000110100011111110101010100001011010010000101001000101111110101010010101010101

Attacker feeds >>> 1024 input bits

And fills this area with attacker’s own executable code

Buffer Overflow



8

5. Security Policies and Security Mechanisms

➢ A Security policy says what is, and is not, allowed ➢ This defines “security” for the site/system/etc. ➢ Can be in natural/machine-readable language, or within

a mathematical framework ➢ A Security mechanism (technical or procedural,

can use crypto) enforces policies. Also referred to as Controls.

➢ Composition of security policies ➢ If policies conflict, discrepancies may create security

vulnerabilities NEDAS Summer Social Training

Event July 15, 2015 ©2015 Televerage International

109

Policies and Mechanisms

➢ It is important to understand the difference between the two concepts. ➢ Policy -> What ➢ Mechanism -> How

➢ An example ➢ Assuring Confidentiality is a policy statement

➢ Alternative mechanisms to support confidentiality ➢ Encryption of the information ➢ Physical protection of the information



0

Policy vs. Mechanism

➢ In the real world most security mechanisms are broad

➢ The desired goal is for the collection of all the

mechanisms in a system to define a “precise” overall mechanism



1

How about Security Mechanisms in the Real World?

➢  Each mechanism should be designed to implement a part or parts of the policy

➢  The union of all the mechanisms should implement all of the

policy ➢  The mechanisms must be implemented correctly ➢  The mechanisms must be installed, configured and

administrated correctly



2

In order To Trust Security Mechanisms:

➢  Monitoring and management systems and tools ➢  Intrusion detection systems and tools, ➢  Encryption of data ➢  Anti-tamper mechanisms (e.g. cryptographic hash) ➢  Identification and authentication ➢  Firewalls and proxy servers ➢  Software virus detection tools ➢  Fault tolerant networks and components ➢  Vulnerability scanning tools ➢  Security policies procedures ➢  Secure software development tools



3

Examples of Security Mechanisms



4

6. Specific Countermeasures



5

Conceptual Foundations for Infosec Best Practice =>Defense In Depth

115



6

Defense in Depth

Internet WAN

LAN

Workstation

Workstation

LAN

Protect the OS

Protect the Communications

Protect the Interface

Protect the Physical Environment

➢ Need to protect ➢ Information in transit ➢ Information at rest



7

Mobility vs Security ➢ User mobility significantly increases the complexity of securing information assets



8

Lockheed-Martin Cyber Kill Chain Model

Remediation Cost

Lowest

Highest

➢  Monitoring and management systems ➢  Intrusion and misuse detection systems ➢  Identification and authentication systems ➢  Firewalls and proxy servers (for both inbound AND outbound

connection activity) ➢  Software virus detection systems ➢  Fault/failure tolerant network design ➢  Application gateways ➢  Email spam filtering systems



9

Systems, Technologies, and Protocols for Protecting the Enterprise Boundary

➢ Monitoring and management systems and tools ➢  Intrusion detection systems ➢ Encryption of data (at rest and in transit) ➢ Anti-tamper mechanisms (cryptographic hashes) ➢ Fault tolerant network design (e.g. Hot Standby Router

Protocol – HSRP) ➢ Virtual LAN (VLAN) isolation ➢ Microsoft AD Domain isolation



0

Systems, Technologies, and Protocols for Protecting the Network Infrastructure

➢  Monitoring and management systems ➢  Intrusion and misuse detection systems ➢  Identification and authentication ➢  Software virus detection tools ➢  Vulnerability scanning tools ➢  Security procedures ➢  Secure software development tools ➢  Fault tolerant components



1

Systems, Technologies, and Protocols for Protecting the Computer Environment

01: Inventory of Authorized and Unauthorized Devices

02: Inventory of Authorized and Unauthorized Software

03: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers

04: Continuous Vulnerability Assessment and Remediation

05: Malware Defenses



2

Council on Cybersecurity - Critical Security Controls - Version 5



3

Council on Cybersecurity - Critical Security Controls - Version 5 06: Application Software Security

07: Wireless Access Control

08: Data Recovery Capability

09: Security Skills Assessment and Appropriate Training to Fill Gaps

10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches



4


11: Limitation and Control of Network Ports, Protocols, and Services

12: Controlled Use of Administrative Privileges

13: Boundary Defense

14: Maintenance, Monitoring, and Analysis of Audit Logs

15: Controlled Access Based on the Need to Know



5


16: Account Monitoring and Control

17: Data Protection

18: Incident Response and Management

19: Secure Network Engineering

20: Penetration Tests and Red Team Exercises

Against ➢  Confidentiality ➢  Integrity ➢  Availability ➢  Proof of Origin/Receipt



6

Summarizing – A View from 30,000 feet Mechanisms (AKA Countermeasures)

➢  Encryption ➢  Authentication ➢  Physical Security ➢  Hardware Protection ➢  Software Protection ➢  Administrative Protection



7

7. The role of trust in Information Security

➢ We Really can’t do that precisely. ➢ We talk about assurance as a measure of trust,

but that only transfers the problem ➢ Consider food product safety where trust is

achieved by means of a collection of methods, practices, etc.: ➢ Testing and certification ➢ Manufacturing standards ➢ Safety seals



8

How do we measure trust?

➢  All security policies and mechanisms have assumptions ➢ Sometimes these are explicit ➢ Sometimes these are implicit

➢  Example: Locks and picks

➢  Universal assumptions ➢ The policy can correctly and unambiguously partition the policy

universe into “secure” and “non-secure” states. ➢ The mechanism can enforce the policy

Neither of these assumptions are necessarily valid in every case



9

Trust Assumptions

Underlie all aspects of security, we assume that:

➢ Policies ➢ Unambiguously partition system states into those which are

secure and nonsecure

➢ Correctly capture security requirements

➢ Mechanisms ➢ Together enforce/implement policy (i.e. prevent entry into a

nonsecure state)

➢ Are implemented, installed and administered correctly



0

Trust Assumptions



1

8. Assurance

What assurance doe we have that a system can be trusted? ➢  First: The specification

➢ Arises from a requirements analysis ➢  Is a statement of desired functionality

➢  Second: The design ➢ How system will meet specification?

➢  Third: The implementation ➢ Programs/systems that carry out design ➢ Difficult to prove correctness of implementation

All of the above affect the level of trust we will have in the system



2

Assurance



3

9. Operational Issues

➢ Cost-Benefit Analysis ➢ Is it cheaper to prevent or recover?

➢ Risk Analysis ➢ Should we protect something? ➢ How much should we protect this thing? (What is the

likelihood of a successful attack?)

➢ Laws and Customs ➢ Are the desired security measures illegal or unethical thereby

limiting their utility? ➢ Will the enforcers perform them?



4

Operational Issues



5

10.Human Issues

➢ Organizational Problems ➢ Power and responsibility ➢ Financial benefits

➢ People problems ➢ Outsiders and insiders ➢ Social engineering attacks



6

Human Issues

➢ Sharing passwords

➢ “Social engineering”

➢ Maintenance ➢ Failure to update computer virus signatures ➢ Failure to install patches



7

The People Problem



8

11. Sources of Additional Information



9

Sources of Additional Information ➢ SANS Institute - Internet Storm Center

http://isc.sans.org/diary.html?storyid=7027

➢ SANS Institute – Critical Security Controls

https://www.sans.org/critical-security-controls/ ➢ US Computer Emergency Response Team (US-CERT)

https://www.us-cert.gov/ ➢ Krebs on Security http://krebsonsecurity.com/



0

Thank You!

The EvoluCon of DAS Ownership

Panelists

Dennis Rigney Vice President of Sales

SOLiD

Presented by SOLiD

Chief Alan Perdue ExecuIve Director

Safer Building CoaliIon Mike Collado

Vice President of MarkeIng SOLiD

Pete Dawson Strategy, Research and Design

Engineering Sprint

David Fox Director of Business Development

American Tower

Moderator

NEDAS Toronto: The Art of Development

September 29th

What’s Up Next?

LocaCon

•  Venue –  2nd Floor Events 461 King St w Toronto, ON M5V 1K4

•  Hotel Room Block

–  Toronto Marriok Eaton Centre Hotel

Who Should Akend?

Public Safety

Construction Engineer Manufacturing Engineer

Legal Telecommunications Vendors

Finance Real Estate

Government & City Officials Architects

Carriers

Engineer

•  Create new opportuniCes •  RelaConship and business development •  New tools and resources to enhance business opportuniCes

Theme: The Art of Development

•  125+ Akendees •  Half-‐day full of panel discussions •  Meet and greet networking recepCon •  Exhibits and Table Top Displays •  NEDASConnect App *NEW*

What Can You Expect?

•  Reach over 4,000+ industry connecCons •  Limited sponsorship opportuniCes include:

–  *Exclusive NEDASconnect App –  MarkeCng tabletop/exhibits –  Charging staCon –  And more!

•  Contact: [email protected]

Sponsorship OpportuniCes

For more informa8on visit: www.nedas.com

#NEDASBoston and now

#NEDASToronto

nedas boston workshop presentations - july 15, 2015

Presentations & Public Speaking