[attachment=10553]
Innovation fostering the Growth of NGNs
• Smart devices
– Television
– Computers
– PDA
– Mobile Phone
(Single device to provide an end-to-end, seamlessly secure access)
Application Simplicity
– Preference of single, simple and secure interface to access applications or content
– Ubiquitous interface - web browser
– Flexible Infrastructure
Because of these areas of evolution, today’s NGNs are defined more by the services they support than by traditional demarcation of Physical Infrastructure.
• The Emergence of NGNs
• The communication network operating two years ago are father’s telecommunication Network.
NGNs are teenager’s Network.
• No longer consumer and business accept the limitation of single-use device or network.
• Both individuals and Business want the ability to communicate, work and be entertained over any device, any time, anywhere.
• The demand of these services coupled with innovation in technology is advancing traditional telecommunication far outside its original purpose.
Challenges for Network Operator
• Business challenges include new Pricing Structure, new relationship and new competitors.
• Technical challenges include migrating and integrating with new advances in technologies from fibre optics, installation of Wi-Fi support.
• Developing a comprehensive Security Policy and architecture in support of NGN services.
To Reap Benefits
• To reap benefits of NGN, the operator must address
– Technology
– Risk
– Security
– Efficiency
NGN Architecture
Growing Concern
• Computing Technology has turned against us
• Exponential growth in security incidents
– Pentagon, US in 2007
– Estonia in April 2007
– Computer System of German Chancellory and three Ministries
– Highly classified computer network in New Zealand & Australia
• Complex and target oriented software
• Common computing technologies and systems
• Constant probing and mapping of network systems
• Cyber Threat Evolution
Cyber attacks being observed
• Web defacement
• Spam
• Spoofing
• Proxy Scan
• Denial of Service
• Distributed Denial of Service
• Malicious Codes
– Virus
– Bots
• Data Theft and Data Manipulation
– Identity Theft
– Financial Frauds
• Social engineering Scams
Trends of Incidents
• Sophisticated attacks
– Attackers are refining their methods and consolidating assets to create global networks that support coordinated criminal activity
– Rise of Cyber Spying and Targeted attacks
– Mapping of network, probing for weakness/vulnerabilities
– Malware propagation through Website intrusion
– Large scale SQL Injection attacks like Asprox Botnet
– Malware propagation through Spam on the rise
– Storm worm, which is one of the most notorious malware programs seen during 2007-08, circulates through spam
• Phishing
– Increase in cases of fast-flux phishing and rock-phish
– Domain name phishing and Registrar impersonation
– Crimeware
– Targeting personal information for financial frauds
– Information Stealing through social networking sites
• Rise in Attack toolkits
– Toolkits like Mpack and Neospolit can launch exploits for browser and client-side vulnerabilities against users who visit a malicious or compromised sites
Global Attack Trend
• Three faces of cyber crime
• Organised Crime
• Terrorist Groups
• Nation States
Security of Information Assets
• Security of information & information assets is becoming a major area of concern
• With every new application, newer vulnerabilities crop up, posing immense challenges to those who are mandated to protect the IT assets
• Coupled with this host of legal requirements and international business compliance requirements on data protection and privacy place a huge demand on IT/ITES/BPO service organizations
• We need to generate ‘Trust & Confidence’
Challenges before the Industry
Model Followed Internationally
• Internationally, the general approach has been to have legal drivers supported by suitable verification mechanism.
• For example, in USA Legal drivers have been
– SOX
– HIPPA
– GLBA
– FISMA etc.
• In Europe, the legal driver has been the “Data Protection Act” supported by ISO27001 ISMS.
Status of security and quality compliance in India
• Quality and Security
– Large number of companies in India have aligned their internal process and practices to international standards such as
• ISO 9000
• CMM
• Six Sigma
• Total Quality Management
– Some Indian companies have won special recognition for excellence in quality out of 18 Deming Prize winners for Total Quality Management in the last five years, six are Indian companies.
ISO 27001/BS7799 Information Security Management
• Government has mandated implementation of ISO27001 ISMS by all critical sectors
• ISMS 27001 has mainly three components
– Technology
– Process
– Incident reporting and monitoring
• 296 certificates issued in India out of 7735 certificates issued worldwide
• Majority of certificates issued in India belong to IT/ITES/BPO sector