securing your move to voip… luis eguiagaray, managing director professional services emea lucent...
TRANSCRIPT
Securing your move to VoIP…
Luis Eguiagaray, Managing Director Professional Services EMEA
Lucent Worldwide Services
15 November 2005, Lisbon
2 Lucent Technologies – Proprietary - Use pursuant to company instruction
Agenda
Telecommunication Market Trends
Security Challenges when migrating to VoIP
A systematic approach to address security in converged networks
Building a comprehensive Next Generation Network Migration Plan
Applying lessons learned to secure your move to VoIP
Conclusions
3 Lucent Technologies – Proprietary - Use pursuant to company instruction
Service convergence across networks
Active Phone Book
Presence and Location
UnifiedMessaging
Video Communications
Mobile / BB Roaming
iLocator
Multicast Service
People simply want services that fit their lifestyle and are available anywhere, anytime.
Internet
2G/3G
PacketMobile
Network
802.xxAccess
CircuitMobile
Network
IP Network
Cable
4 Lucent Technologies – Proprietary - Use pursuant to company instruction
1,5
2,5
3,5
1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002
Household Communications SpendingAt Current Prices (% of Total Household Consumption Expenditure)
Source: Eurostat 2004
[In 2000 average consumption expenditure of EU households has been EUR 13100 per head/year]
% Belgium
Denmark
Germany
Greece
Spain
France
Ireland
Italy
Luxembourg
Netherlands
Austria
Portugal
Finland
Sweden
United Kingdom
EU-15 Average
United States
Linear (EU-15 Average )
5 Lucent Technologies – Proprietary - Use pursuant to company instruction
Securing your move to VoIP.. Setting the scene..
Convergence of voice and data networks enables blended lifestyle services+ implementation of VoIP is taking place
+ Use of IP-based nets - cost saving and more flexibility
+ More functionality by employment of “smart" software
+ New end-user services
- IP-based nets - security is an issue
- New attack types, Unknown vulnerabilities introduced with VoIP
+ .. But security also provides opportunities
6 Lucent Technologies – Proprietary - Use pursuant to company instruction
Evolution to the new telecommunications world
Operator network, including network
elements, applications, …
Operator network, including network
elements, applications, …
Circuit-switched telecommunications
world
ApplicationsApplicationsNetwork
element(s)
Network element(s)
IP Infrastructure
Network element(s
)
Network element(s
)
Third-party Apps
Third-party Apps
The brave new world
7 Lucent Technologies – Proprietary - Use pursuant to company instruction
Security challenges in the brave new world
AppsApps Network element(s)
Network element(s)
IP Infrastructure
Network element(s
)
Network element(s
)
Third-party Apps
Third-party Apps
Open, standards & IP-based, converged
Telecom exposed to the vulnerabilities of open networks and systems
Key threats: Availability, Confidentiality, Authenticity & Integrity
VoIP open to vulnerabilities & threats in IP, e.g. Denial of Service
Topology of network potentially detectable by attackers
OA&M and customer data vulnerable if on a common backbone with IP transport
8 Lucent Technologies – Proprietary - Use pursuant to company instruction
Are you prepared to address the security challenges in a Wireless VoIP network?
How vulnerable is my network and business to hackers and other external threats that may bring the service to my customers down?
How difficult or easy is it for “bad guys” to commit fraud and make misusage of the services I provide through my new VoIP network?
How do I ensure data integrity so data transmitted through my network arrives at the receiver as it was send by the sender?
Where do I stand from a Business Continuity perspective?
A comprehensive end-to-end approach to VoIP security is required
9 Lucent Technologies – Proprietary - Use pursuant to company instruction
A comprehensive end-to-end approach to security is required
10 Lucent Technologies – Proprietary - Use pursuant to company instruction
Security requires a continuous program to be established
People
Products
Processes
11 Lucent Technologies – Proprietary - Use pursuant to company instruction
ITU-T x.805 Security Framework provides comprehensive approach for VoIP Security
VULNERABILITIESVULNERABILITIES
Acc
ess
Man
agem
ent
Infrastructure Security
Application Security
Service Security
End User Plane
Control Plane
Management Plane
THREATS
8 Security Dimensions
ATTACKS
Dat
a C
on
fid
enti
alit
y
Co
mm
un
icat
ion
Flo
w S
ecu
rity
Inte
gri
ty
Ava
ilab
ility
Pri
vacy
Destruction
Disclosure
Corruption
Removal
Au
then
tica
tio
n
No
n-r
epu
dia
tio
n
Security Layers
InterruptionA
cces
s C
on
tro
lInfrastructure Security
Application Security
Service Security
End User Plane
Control Plane
Management Plane
THREATS
8 Security Dimensions
ATTACKS
Dat
a C
on
fid
enti
alit
y
Co
mm
un
icat
ion
Sec
uri
ty
Dat
a In
teg
rity
Ava
ilab
ility
Pri
vacy
Destruction
Disclosure
Corruption
Removal
Au
then
tica
tio
n
No
n-r
epu
dia
tio
n
Security Layers
Interruption
Bell LabsInnovation
12 Lucent Technologies – Proprietary - Use pursuant to company instruction
VoIP security won’t become a problem if you take a uncompromised approach to it VoIP Security assessment by independent 3rd party
Take Security into account from day one when implementing VoIP:
– In the business case
– In the architecture
– In the detailed planning & design
– In operations & maintenance procedures
Deploy best of breed security solutions integrated by trusted and qualified professionals
Consider outsourcing of VoIP Security Management => a Security ROI analysis may help to make the right choice
Look for partnerships that allow you to provide End-to-End VoIP Security
Make sure it scales
with the network
Make sure it scales
with the network
13 Lucent Technologies – Proprietary - Use pursuant to company instruction
Are you prepared to address the challenges of a Next Generation Network Transformation?
Will your next generation architecture support your future services? How will current services be improved by the next generation network?
Have you defined a migration strategy? Will you migrate your customers or allow customers to gradually adopt a next generation architecture?
How long will a transitional hybrid network environment exist? And what are the financial implications of this network state?
What are your priorities for migration? financial payback? office consolidation? services and customer migration timelines? availability of new services? protecting legacy investment?
14 Lucent Technologies – Proprietary - Use pursuant to company instruction
Cost Benefits of Convergence to All IP network infrastructure
Converged All IP networks have significant benefits for cost reduction– Reduction in Site operation expenses
• Fewer sites
• Lower operating cost per site
– Lower headcount
– Greater trunking efficiency in the converged network
• Fewer trunks trunks freed up for leasing
– Potential reduction in access charges
Recent examples demonstrated include:- 57% reduction in sites- 63% reduction in OpEx per site- 25% reduction in head count- 43% reduction in trunk provisioning - 80,000 trunks freed with $73m leasing potential
Equivalent toEquivalent to20% of current20% of currentvoice networkvoice network
OpExOpEx
15 Lucent Technologies – Proprietary - Use pursuant to company instruction
The Network Transition BubbleOperating Expense during Next Generation Network Migration
Time
Current Network Hybrid Network NextGen Network
Operational Expense associated with
network migration
Capital Investment Required for Next Gen Network Components
PresentPresent TransitionTransition FutureFuture
Operational Savings
Flatten the curve and shorten the interval by using NGN Migration Experts
16 Lucent Technologies – Proprietary - Use pursuant to company instruction
Are you prepared to address the challenges of a Next Generation Migration?
How accurate are your records (engineering, switch, OSS/BSS and billing, service/circuit)? What are the data cleansing requirements?
What tool development is required to automate the migration process?
What transport infrastructure will be required during the migration?
What are your alternative traffic migration points for office services?
How will you handle OAM&P during the transitional network? Do you have the operational skills to manage the next generation network?
Next Generation Network migration is a complex undertaking and requires a comprehensive, well-thought
out approach
17 Lucent Technologies – Proprietary - Use pursuant to company instruction
Integrated Network Migration PlanningThe basis for successful migration
A systematic, comprehensive migration planning process across five inter-related dimensions
.
OUR APPROACH TO NEXT GENERATION MIGRATION
Network Database Migration
Application Migration OSS/BSS MigrationTraffic Migration
Transport Migration
What we do:
Develop migration plans across five dimensions
What’s the deliverable:
• Integrated network migration plan
The manner and order that each of these dimensions is considered within the migration is dependent on the identified migration
priorities, which are Service Provider specific
18 Lucent Technologies – Proprietary - Use pursuant to company instruction
Goal: Create a next-gen network for enterprise customers• Network to deliver new services, such as IP Centrex, combined
IP services• Solution combines network elements and end-end service• Lucent selected for technical solution and service support
Next-gen network solution for Netia
Lucent delivers Next Generation IMS solutions that meet business needs
Goal: IMS/VoIP end-to-end security implementation• Assess IMS/VoIP security using X.805 and BS7799 security
models• Implementation of Information Security Management System• Customer name not disclosed for security reasons
VoIP Security Assessment
EU Operator
Goal: Create Network incorporating UMTS, HSDPA and IMS• HSDPA-enabled network will provide customers with "blended"
mobile high-speed data, multimedia, and VoIP services• First commercial deployment in Europe
Converged Fixed-Mobile
Network for O2
21st Century Network provider
to BT
Goal: Help BT to create next-gen network• Providing multi-vendor core equipment • Delivering network integration, deployment and maintenance
support for one of the world's largest infrastructure upgrades
19 Lucent Technologies – Proprietary - Use pursuant to company instruction
Our Migration solutions yield tangible results
Offer New Services
“Quick availability of new lifestyle services”
Reduce TransitionalOperating Costs
“Minimized issues during transition”
Operate CostEfficiently
“Lower existing Services pricing”
Innovate for theFuture
“New blendedLifestyle services”
Typical Benefits– 30-40% reduction in interval
and cost of OSS application development required for migration
– Reduce customer data provisioning interval and costs by 30%
– Accelerate traffic migration timeline by 30-40%
– Accelerate overall deployment schedule by 20-30%
Plus… – Ready platform for new
blended services introduction
– Increased end customer satisfaction during network transition
Business Imperatives
End User Needs
20 Lucent Technologies – Proprietary - Use pursuant to company instruction
Conclusions
Convergence allows creation of new blended lifestyle services to grow revenue
Convergence to IP provides significant opportunities, but security is a challenge that needs to be addressed
A comprehensive approach to security that takes all aspects into account is required
No “one size fits all” solutions – An integrated migration plan based on specific Service
Provider or Enterprise priorities provides the basis for successful reliable migration to an All IP infrastructure
Lucent Worldwide Services migration and security expertise enables a secure move to VoIP
21 Lucent Technologies – Proprietary - Use pursuant to company instruction
Lucent – enabling your Next Generation Migration success
This document is protected under the copyright laws of the United States and other countries as an unpublished work. This document contains information that is proprietary and confidential to Lucent Technologies or its technical alliance partners. No information contained within or directly referenced in connection with this document whether written or verbal, shall be disclosed or duplicated, used or disclosed in whole or in part for any purpose other than to evaluate Lucent Technologies. Any use or disclosure in whole or in part of this information without the express written permission of Lucent Technologies is prohibited.
© 2005 Lucent Technologies. All rights reserved. Printed in the USA.
Note: Any mention of benefits, including savings targets, is a rough order of magnitude estimate only, and as such does not constitute a final offer. Any final offer including pricing is subject to due diligence.