NEDAS Boston Workshop Presentations - July 15, 2015

NEDAS
Boston
Workshops
&
Social

District
Hall

Wednesday,
July
15,
2015

#NEDASBoston

Interference
HunCng:

Tools
and
Service
SoluCons

Presenters

Marc
Nguessan

SeeWave
Product
Manager

James
Zik

Vice
President,
Product

Management
and
Management

Presented
by
PCTEL

3

James Zik, VP Product
Management
Marc Nguessan, Product
Manager
July 15, 2015

NEDAS
Interference
Hun8ng

Workshop

❑ Introduction
❑ Why is Interference a Problem?
❑ Six Case Studies
❑ Interference Mechanisms
❑ Important Considerations
❑ Summary
4

Agenda

5

PCTEL
delivers
Performance
CriCcal
Telecom
soluCons
for
public

and
private
wireless
networks.

Connected
Solu8ons™
designs
and
delivers
performance
criCcal

antennas
and
site
soluCons
for
wireless
networks
globally.
Our

antennas
support
evolving
wireless
standards
for
cellular,
private,

and
broadband
networks.

RF
Solu8ons
develops
and
provides
test
equipment,
soPware,
and

engineering
services
for
wireless
networks.
The
industry
relies
upon

PCTEL
to
benchmark
network
performance,
analyze
trends,
and

opCmize
wireless
networks.

Performance Critical Telecom:

6

Network Engineering Services
Expert Knowledge, Exceptional Tools
Provides wireless network services with an
emphasis on in-building DAS.
✓  Network Benchmarking
✓  Baseline Testing
✓  CW Testing
✓  Design
✓  Commissioning
✓  Optimization
✓  Acceptance
✓  Interference Mitigation
✓  Consulting

Carriers Neutral Host
OEMs
Integrators
PCTEL
Customers

Why
is
Interference
a
Problem?

9

What
is
interference?

❑ Interference
is
an
unwanted
RF
signal
(in
the
cellular
frequencies)
caused
by
numerous

electronic
sources

(including
harmonics)
that
negaCvely
affect
mobile
communicaCon

What
frequencies
are
most
affected
by
interference?

❑ Interference
can
affect
all
mobile
bands,
but
is
a
larger
issue
at
the
lower
frequencies

(300
to
900
MHz)
due
to
the
RF
propagaCon
of
these
frequencies.
Higher
frequencies

(approx.
>1700
MHz)
are
disposed
to
be
more
line-‐of-‐sight
and
more
easily
reflected

with
low
penetraCon
into
buildings

Why
is
LTE
more
affected
by
interference?

❑ LTE
is
more
affected
by
interference
since
LTE
networks
offer
higher
spectral
efficiency
in

bits
per
second
per
Hz,
but
require
higher
levels
of
SINR
to
achieve
that
performance

vs
2600
MHz
700
MHz

Interference

LTE Networks Effects – Signal to Interference/Noise Ratio (SINR)
❑ SINR: Critical Measurement quantifying the relationship between RF conditions and throughput
‒ VoLTE requires high SINR (target >12 dB) or will result in dropped calls or uses high
percentage of network bandwidth
‒ MIMO is ineffective with low SINR levels, requires high SINR (10-20 dB)
Customer Experience Effects
❑ Video Pixilation
❑ Poor voice quality
❑ Dropped calls/sessions
❑ Low data throughput
❑ Latency due to retransmission
Business Effects (Lost Revenue)
❑ Poor quality-of-service
❑ Customer churn
10

Problems Interference Causes

❑  US Mobile Operator Customer Attrition*
❑  Low network quality/speed of services is largest reason for attrition (12% in the
previous year of the study i.e. normalized to a full yr: 6%)
➢  (100M customers * 6% churn (normalized) * 35% low QoS * $600/ARPU/year *
90% RAN issues) = $1.1B problem (year 1)
30
%
35
%
26
%
*Ovum Report “Who Cares Wins” commissioned by Tektronix - Feb. 2014.
Why is Interference Abatement Important?

❑ Spectrum clearing when new or re-farmed spectrum
becomes available
‒ Mobile operators must clear both uplink and downlink interference sources
before network turn-up for any band
❑ DAS Verification, DAS Commissioning
❑ In-service interference that is affecting the quality-of-service
of the network (uplink)
12

When do You Test for Interference?

Uplink In-service Interference
❑ Mobile operators search for uplink interference when
base station Received Total Wideband Power (RTWP)
reports a quality affecting level at base station (LTE)
❑ Customers report problems in an area
❑ Uplink more sensitive to interference due to mobile
transmission restrictions (+23 dBm UE i.e. 0.2 Watts)
Downlink In-service Interference
❑ Downlink QoS issues are not as common from externa
interference sources, unless interferer is extremely
powerful (sometimes with passive intermodulation),
since the high powered signal from tower typically masks
downlink interference sources
13

LTE eNB
Tx Power: +45 dBm
Rx Sensitivity: -123
dBm -102 to -105 dBm
causes
interference
LTE UE
Tx Power: +23 dBm
Rx Sensitivity: -95 dBm
Mobile Networks In-service Sensitivity

Six
Case
Studies

14

15

Lights Out
(700, 1900 and AWS bands)
Extremely high uplink noise levels discovered during DAS Commissioning
Interference found to occur only during day time and early evening
Case Study #1 – Newark, DE
Sept 2014

16

SeeWave pointing away from
interference source
SeeWave pointing toward the
interference source
Interference locating in one particular section of the mall
❑  Interferer not found during DAS System Verification since done in the middle of
the night
❑  Building owner agreed to replace 50 halogen light bulbs
Interferer: Halogen Light Bulbs
Case Study #1 – Newark, DE
Sept 2014

17

Work in Progress
(700, 850 bands)
Extremely high uplink noise levels discovered during DAS System Verification (-95 to -85 dBm)
Interference found to occur only during day time and early evening in a small section
of the mall
Case Study #2 – Denver, CO
July 2015

18

Spectrum Analyzer near Source
Awaiting permission to enter OshKosh B’gosh Store to test lights or
other potential sources
Suspected Interferer: Lighting
Case Study #2 – Denver, CO
July 2015

19

Uber Boomer
(1900 band)
Tier One operator reports intermittent -75 dBm Received Total Wideband Power KPI on uplink
and customer complaints on uplink (both in-building and outdoors)
interference source
SeeWave pointing toward the
interference source
Case Study #3 – Maryland Suburbs (near
Washington DC) June 2015

20

DoD
representa8ve
claimed
to
have
recently
installed
a
DAS
system

❑  Unusual
for
DAS
system
to
cause
outside
interference
of
-‐75
dBm,
1
mile
away

❑  Classiﬁed
buildings
oPen
don’t
allow
cell
phone
usage

❑  DAS
systems
are
always
on,
not
only
for
5
hours
a
day,
a
couple
Cmes
a
week

❑  Immediately
agreed
to
permanently
turn
of
their
“DAS
System”

Conclusion
of
Interferer
type:
Military
Experiment

Interference Source: Classified
Defense Contractor Building
Case Study #3 - Maryland Suburbs
(near Washington DC) June 2015

The Pope is Calling (and we listened)
(850 band)
Tier One installs Cellular on Wheels (COWs) at Quito Airport to cover increased Cellular traffic for the Pope’s
visit (both indoor and outdoor) and the system was barely useable due to high noise floor
Mobile Operator’s
COW (the one working
with PCTEL) turned off
for test
Competitor Mobile
Operator’s COW
(powered on)
Case Study #4 – Quito, Ecuador
July 2015

22

SeeWave
poin8ng
away
from
interference
source

Low
Noise
ﬂoor

SeeWave
poin8ng
towards
interference
source

High
Noise
ﬂoor

Compe8tor’s
COW
was
interfering
with
uplink
in
the
-‐95
to
-‐100
dBm

❑  Adjustments
needed
to
be
made
on
compe8tors
COWs

❑  Only
authorized
to
place
COWs
in
this
loca8on

Interferer:
COW

Case Study #4 – Quito, Ecuador
July 2015

SeeWave
poin8ng
away
from

interference
source

Case Study #5 - San Francisco, CA
Oct 2014
23

SeeWave
poin8ng
toward

interference
source

Lost
my
Signal
in
San
Francisco

Tier
One
operator
reports
quality
aﬀecCng
Received
Total
Wideband
Power

KPI
on
uplink

Case
Study
#5
-‐
San
Francisco,
CA

Oct
2014

BTS signal leaking into another carrier’s spectrum
Conclusion on Interferer type: Faulty BTS/BTS infrastructure
24

Case Study #5 - San Francisco, CA
Oct 2014

25

Billboard Torture
(700 band)
Tier One optimization engineer finds very low SINR from drive test analysis
interference source
SeeWave pointing towards
interference source
Case
Study
#6
–
Nashville,
TN

Nov
2014

26

Digital
Billboard
employs
wireless
radio
device
for
upda8ng
billboard

Interferer
type:
Wireless
Radio
Device
on
Digital
Billboard

Case Study #6 – Nashville, TN
Nov 2014

Interference
Mechanisms

27

❑ Modulated Sources
❑ Un-modulated Sources
❑ Harmonics
❑ Passive intermodulation (PIM)
❑ Repeaters/BDAs
❑ Intentional Interference
28

Interference Types

❑ Devices intended to transmit RF signals
❑ Unwanted interference occurs when these devices are
malfunctioning or are operated improperly (usually
narrowband signals)
❑ Compliant RF transmitters may create interference from
harmonics, intermodulation, etc.
❑ Common sources of modulated interferers include:
‒ Unplugged Cable TV Output
29

Modulated
Sources

❑ Un-‐modulated
sources
of
interference
are
created
from
electric
devices
that

unintenConally
create
RF
signals

‒ ConCnuous
Noise

‒ Impulse
Noise

❑ Common
sources
of
conCnuous
noise
include:

‒ Electric
Motors

‒ Ballast
in
neon
lighCng

‒ Faulty
transformers

‒ Security
and
infrared
Cameras

‒ Vehicle
igniCon
systems

‒ Baby
Monitors

30

LTE Noise floor
raised by electric
motor
Un-Modulated Sources

❑ Impulse
Noise
from
un-‐modulated
sources
are
created
when
the
electricity
ﬂow
is
turned
on
and
oﬀ

❑ Common
sources
of
impulse
noise
include:

‒ Electric
Motors
(elevators,
manufacturing
plants,
farms,
etc.)

‒ Electric
Fences

‒ Welding

‒ Parking
Gates

‒ Wireless
Speakers

‒ Arcing
power
lines

‒ Light
dimmers

‒ Lightning
suppression
devices

‒ Commercial
baking
ovens

‒ Beacons
on
top
of
cell
towers

‒ Garage
door
openers

‒ TV
remotes

31

Un-Modulated Sources

❑ A
harmonic
is
a
mulCple
of
the
RF
carrier
(fundamental

frequency)

‒ A
750
MHz
frequency
can
produce
harmonics
at
1500
MHz,
2250
MHz,

3000
MHz,
etc.

❑ Legal
large
powered
transmikers
(megawak)
can
produce

a
1
Wak
third
harmonic

‒ TV
transmikers
of
570
to
585
MHz
(channels
30
–
33)
can
cause
problems

on
E-‐UTRA
4
(AWS)
uplink
(1710
–
1755
MHz)
band
if
the
AWS
sector
is

close
to
the
TV
transmiker

32

925 MHz
harmonic from a
462.5 MHz 2-way
radio
Harmonics

❑ Cellular repeater or bidirectional amplifiers
‒ Used to extend in-building cellular coverage or coverage in
areas with marginal coverage
‒ Interference caused by malfunctioning BDAs or retransmission
of undesirable signals at the BDA’s input
‒ Common source of interference, but difficult to locate
33
BDA
Amplifie
r
Dome
Antenna
In-Building Repeater
Repeaters/BDAs

❑ Two
or
more
strong
signals
combine
appearing
as
a

nonlinear
transmimng
device

‒ Can
cause
numerous
interferers
from
the
addiCon
and
subtracCon
of

fundamental
frequencies
with
harmonics

❑ OPen
called
the
“rusty
bolt”
effect

‒ MaCng
of
2
metal
objects
can
create
a
recCfier
effect
when
corrosion
is

present

‒ Generates
spurious
signals
that
are
radiated
by
the
connected
metal

objects

❑ Common
sources

Rusty
bolts,
fences
or
barn
roofs

‒ Corroded
rooPop
air
condiConers

‒ Improperly
connected
or
loose/dirty
connectors
in
the
cell
tower

antenna
feed
line

‒ Cell
tower
guy
lines

‒ UClity
poles
or
wires,
rain
gukers

34

Passive
Intermodula8on

❑ OPen
located
in
shopping
malls,
restaurants,
schools,
military
bases

❑ Sources
can
be
mobile
(cars,
trains,
etc.)

❑ Civilian
use
is
illegal

❑ Typically
easy
to
idenCfy

‒ Strong
constantly-‐on
signal

❑ Usually
raises
noise
ﬂoor

35

Jammer
Inten8onal
Interference

Important
Considera8ons

36

37
Scan Setup
Dual
Scan
Spectrum
Analysis
with
Playback

•  Scan
uplink
and
downlink
for
spectrum

clearing
simultaneously

•  Set
up
separate
scans
for
looking
at
harmonics

Spectrogram
Waterfall
Isolates
Intermiaent

Interferers

Map
with
Triangula8on
Locates
Source
of

Interference

-‐
Ergonomics

-‐
Use
of
COTS
Antennas
(n-‐type
conn.)

Spectrum
Analysis
Considera8ons

DF Antenna Radiation Patterns (typical)
❑ Many users tilt antenna on a 45 deg angle
38

Elevation (Vertical) Azimuth (Horizontal)
Antenna
Angle

39

Mul8path

❑  MulCpath
occurs
when
radio
signals
from
one
source
reach
the

receiving
antenna
via
two
or
more
paths

‒  Caused
by
reflecCons
or
refracCons
off
of
bodies
of
water
or

objects
including
building
and
mountains

‒  Very
common
in
urban
canyons

Mi8ga8on

❑  Find
a
locaCon
away
from
buildings
and
metal
objects

‒  Building
roof

‒  Away
from
metal
objects
including
vehicles

❑  When
finding
a
good
locaCon
is
not
possible

‒  Go
to
an
intersecCon
and
point
antenna
in
each
the
direcCon
of

each
intersecCng
street

‒  Follow
the
street
with
the
highest
signal
from
the
interferer

Mul8path
can
severely
complicate
loca8ng
the
source
of
the
interferer

Radio
Wave
Mul8path

41

❑  Verizon
700
MHz
LTE
cell
site
is
latest
vicCm
of
interference
from

ﬂuorescent
lights

❑  Time
Warner
Cable
Experience
Verizon
LTE
Interference
in
N.C.

‒  Time
Warner
Cable
didn't
take
the
steps
to
properly
shield
its
boxes
and/or
cable
system

❑  Florida
teacher
uses
cellphone
jammer
to
stop
students’
texCng,
draws

a
suspension

‒ 

Interference
References

42

–  Interference
can
be
a
signiﬁcant
source
of

customer
dissaCsfacCon
of
a
mobile
network

resulCng
in
customer
churn
and
lost
revenue

–  External
interference
negaCvely
aﬀects
LTE

networks
at
lower
signal
levels
than
2G
and
3G

technologies

–  Interference
hunCng
is
an
on-‐going
process

since
new
interferers
are
conCnually
created

Summary

43

http://rfsolutions.pctel.com
James.zik@pctel.com
Marc.nguessan@pctel.com
For free LTE and Interference posters, please visit PCTEL RF Solutions website:
Question
s?
Thank
you!

RF
Data
CollecCon
&
Remote
Control/
Monitoring
Using
WINd©
SoluCon

Presenters

Nikhil
Gogaté

Senior
Director
of
Global

Business
Strategy

Luis
Najera

Product
Support
Specialist

Presented
by
Solutelia

Connect
via
Bluetooth
to
the
PCTel
ibFLex
Scanner

Perform:
TopN,
RSSI,
CW
or
Blind
Scan

WINd
App

Seamless
Integra8on

ibWave
Mobile
Planner

Integrated
ibWave
Mobile
Planner
support:

RF
Data
collec8on
and
Site
Survey
in
one

WINd
App

WINd
Console
Real
Time

Console
Remote
View
allows

Real-‐Time
Access
and
Control:
live
data
stream

WINd
Console
Report
Manager

KPI
and
Interval
Reports

Summary
with
Indoor
or
Outdoor
Plots

Console
Reports
allows
near
Instant:

Real-‐Time
KPI,
Interval
and
On-‐Site
Post
Reports

Achieving
Conﬁdence
in
Cyberspace:

It’s
All
about
Risk
Management

Presenter

John
Holmblad

Cyber
Security
OperaIons
specialist
with
the
US

Senate
and
Professor
at
the
University
of

Maryland
University
College

Achieving Confidence In Cyberspace
=> Its All About Risk Management
NEDAS Summer Social - Training
John B. Holmblad
john.holmblad@faculty.umuc.edu
703 407 2278

➢ About You
➢ About your Instructor, that is me
NEDAS Summer Social Training
Event July 15, 2015
©2015 Televerage International 62
Introductions
Company Size
(Employees)
Number of you
Today’s Audience
1
2-10
11-100
101-1,000
1,001-10,000
>10,000

➢  1. Goals of information security
➢  2. The Threat, Vulnerability, Risk, and
Countermeasure Model
➢  3. Threats
➢  4. Vulnerabilities
➢  5. Security policies and security mechanisms
➢  6. Specific Countermeasures
➢  7. The role of trust
➢  8. Assurance
➢  9. Operational Issues
➢  10. Human Issues
➢  11. Sources of Additional Information
Event July 15, 2015
Today’s Agenda

Event July 15, 2015
1. Goals of Information Security

➢  Prevention
➢ Prevent attackers from violating security policy
➢ A potential negative side-effect is that elaborate prevention can
hamper legitimate use (e.g. DRM)
➢  Detection
➢ Detect attackers’ violation of security policy
➢ Typically required because prevention is not always successful
➢  Recovery
➢ Stop attack, assess and repair/remediate damage
➢ Continue to function correctly even if attack succeeds (a kind of fault
tolerance)
Event July 15, 2015
What are the Goals of Information
Security

➢ Our lives are dominated by information.
➢ We want that information to be
➢ Available to us when we want it
➢ Correct with respect to what it purports to be
➢ Denied to those to whom it should not be available
Event July 15, 2015
We are an Information Driven
Society

➢ Information
➢ Protecting information that is stored, transmitted or
viewed on or by means of a computer.
➢ Protecting information resources
Event July 15, 2015
What are we interested in
protecting?

In short, Yes!
➢  Organizations are under attack from both inside and outside the
company
➢  A wide range of attacks are extant (“in the wild”)
➢  Cyber attacks result in serious financial loss and, in some cases,
complete failure of the enterprise
➢  The appropriate level of defense requires more than information
security technologies
Event July 15, 2015
Is there A Problem that Needs
Solving?

➢  Our entire information infrastructure is rife with
vulnerabilities at both the design and at the
implementation level
➢ Design: e.g. BGP, 802.11 WEP
➢ Implementation: e.g. Adobe Flash, Internet Explorer
➢  Vulnerabilities are being routinely exploited
➢  We most often aren’t aware of the exploitation until it is too
late.
Event July 15, 2015
What are the Key Issues?

➢ What is the problem.
➢ Why we have a problem.
➢ What solutions are available to us.
Event July 15, 2015
To achieve/maintain security of our
Information We Must Understand

➢  Confidentiality
➢ Keeping data and resources hidden
➢  Integrity
➢ Data integrity (integrity)
➢ Origin integrity (authentication)
➢  Availability
➢ having access to data and resources
Event July 15, 2015
Information Security Services -
Basic Components

➢ Lets consider these security
services from the perspective of :
➢ P: A Physician
➢ S: A Student
➢ C: A Consumer
Event July 15, 2015
Information Security Services -
Basic Components

➢  P: Passers-by must not see the medical
record; it is only for the physician
➢  S: Student grades are a private matter
between the instructor and the student.
➢  C: Only Amazon’s billing organization
should be able to see the consumer’s
credit card number
Event July 15, 2015
Readable ONLY by those who are
authorized to receive/view /process it

➢  Confidentiality may apply to the properties of information as well as the
information itself:
➢ not how many with H1N1 Flu in the neighborhood, but is there H1N1 Flu at all
➢ why does this employee want to know about jobs at other places?
➢ does a government agency maintain information on a particular citizen?
➢  Confidentiality of resources for storing/maintaining information
➢ what computer systems are used, what configurations, what high-end
equipment is available
Event July 15, 2015
Confidentiality of Information
Properties (aka Metadata)

➢  Interception: Secret voice communication between two parties that
is intercepted
➢  Ex-filtration: Product cost data that is supposed to remain within
the enterprise but which is ex-filtrated to a competitor
➢  Theft: User credentials (e.g. passwords) which are stolen
Event July 15, 2015
Examples of Confidentiality
Violation

➢  P: The physician’s understanding of the
patient's BP, allergies, prescribed drugs, etc.
must all be correct and up to date for this
patient.
➢  S: The student wants historically accurate
information from primary sources where
possible.
➢  C: The consumer wants the description and
price of the book to be accurate
Event July 15, 2015
Integrity means that Information is
Correct with respect to what it
purports to be

➢  When personal information is maintained incorrectly by a service
provider (for example, a loan has been repaid but this is not noted in
the customer’s credit rating)
➢  When information is changed by an entity that does not have the
authority to do so – can be malicious (thus constituting an origin and
data integrity violation)
➢  Libel/defamation
➢  Incorrect source citation
➢  Integrity violations can be prevented but that is more difficult than
simply detecting them.
Event July 15, 2015
Examples of Integrity Violation

➢  P: A physician might look up a patient record
prior to an examination. She needs the record
now.
➢  S: A student wants information about the
holocaust for a research paper. Since he
waited until the last minute it is important that
the web sites are “up”.
➢  C: A consumer wants to purchase a book on
Amazon.com
Event July 15, 2015
Availability means that Information
is Available to the user when the
user wants it

➢  Denial of Service (DOS) attacks in:
➢ E-commerce, News sites, Government information, Remote
electronic voting
➢  DOS Attacks can occur at one of several points
➢ At the origin (preventing server from accessing resources
required to send info.)
➢ At the destination (blocking communication from server)
➢ At an intermediate path (by dropping communication from
either origin or destination)
➢  DOS attacks can be difficult to detect because system behavior
might be due to genuine system overload
Event July 15, 2015
Examples of Availability Violation

Event July 15, 2015
2. Threat, Vulnerability, Risk,
and Countermeasure Model

➢  A threat agent attacks a vulnerability resulting in a risk of loss.
➢  Threats, Vulnerabilities and Countermeasures all interact to
affect the level of risk
➢  Countermeasure should mitigate (reduce) the Risk of Loss, by, eg:
➢ Eliminating the threat (Kill all the wolves)
➢ Eliminating the vulnerability (Build a brick house)
➢ Increasing the cost of attack (Make yourself poisonous to
wolves)
Event July 15, 2015
Threats, Vulnerabilities, Risks and
Countermeasures

Event July 15, 2015
Threat
And Countermeasures
Vulnerability
Vulnerability
Risk

Event July 15, 2015
Threat: An intent to do harm
➢ May refer to the threat agent (e.g., a terrorist,
a fire, a tornado)
➢ Sometimes the word “threat” is mixed with
➢  The risk: e.g., Threat of financial loss
➢  The mechanism: e.g., threat of denial of service or threat of message interception
➢ A threat consists of :
➢ Threat Agent (individual or group)
➢ Means (e.g. resources and organization)
➢ Intent (plan to carry out attack)

➢  Risk represents the negative consequence of a threat acting on a
vulnerability
➢ A company loses $100k due to online bank fraud
➢ A company loses $1M in sales because its web site is unavailable
➢ A company’s common shares lose $1b because of the negative
publicity as a consequence of its ineffective response to a security
breach
➢ A Virus wipes out a student’s thesis and the student does not have a
backup disc and thus learns the lesson “to backup is divine”.
Event July 15, 2015
Risks to Information Security

➢ Information Security is ultimately about risk
management.
➢ Understand what information is important to yourself
or your organization and what is its value
➢ Understand the who-what-when –where of access to
the information
➢ Make and informed decision about how much to
invest to protect the assets based on their value and the
financial risk associated with their loss.
Event July 15, 2015
Enterprise Risk Management

➢ What assets need protection
➢ What financial risk the enterprise will incur if it
fails to protect the asset adequately
➢ How much it will cost to protect the asset
➢ What is the “residual risk”, that is the risk that
remains after performing mitigation actions?
Event July 15, 2015
Risk Analysis is a process that
helps the Enterprise to understand

➢  Government institutions and regulated business (e.g., financial
and healthcare) are required by law (many laws actually!) to
implement some security (e.g. PCI DSS for credit cards, HIPAA
for healthcare, etc.)
➢  Many parts of the private sector have fewer regulatory and
legal mandates for cybersecurity although that is changing
➢ Driven by shareholder value/stock price
➢ Security is viewed as an expense with no clear revenue gain.
➢  Implementing security must always balance the cost with the
benefit.
Event July 15, 2015
Cost vs. Benefits

➢  Examples of Resource Mis-allocation
➢ Purchasing an alarm system for $500,000 to protect a $100,000 town
house
➢ Spending $200,000 on a Security Event Management System to
protect information assets that are worth only $50,000
➢ Spending $500,000 on a state of the art Intrusion Prevention System
but failing to invest opex in training and ongoing operation and
maintenance
Event July 15, 2015
It is Possible to Overspend/
Misspend

➢  Identify the threats to enterprise assets
➢  Identify the vulnerabilities that are exploitable by the
threats
➢  Measure/assess the risk of the threat exploiting the
vulnerability
➢  Identify countermeasures and the corresponding
amount of risk mitigation as a consequence of the
application of those countermeasures
➢  Measure the residual risk to the enterprise after risk
mitigation
Event July 15, 2015
The Process For Risk Assessment

➢ Can you really determine the degree and source
of the threat?
➢ Can you find all the vulnerabilities?
➢ How do you measure risk?
➢ What does the countermeasure cost and how
much risk will it remove?
Event July 15, 2015
Problem Areas for Risk
Management

➢  Risk = Expected Value of Loss.
➢ Given threats t, vulnerabilities v and random variable
N(t, v)
that t exploits v N times during some defined time frame, for
example over a one year period and the probabilistic mean of
N is E(N(t,v))
and
➢ Given that the financial loss L resulting from t exploiting v is
L(t, v),
then
Risk = Σ E(N(t, v))*L(t, v)
Event July 15, 2015
Measuring Risk
(t, v)

➢ Annual Rate of Occurrence (ARO)
➢  E(N(t,v)) = 12 times per year
and
➢ Single Loss Expectancy (SLE)
➢ L(t, v) = $50,000
then
Annual Risk = Σ E(N(t, v))*L(t, v) = 12*$50,000 = $600,000
This is Annual Risk also referred to as the Annual Loss
Expectancy (ALE)
Event July 15, 2015
Measuring Risk - An Example with
some additional definitions
(t, v)

➢  Historically, risk estimators thought they could do this
➢ Annualized Loss Expectancy
➢ FIPSPUB31 Guidelines for Automatic Data Processing Physical Security
and Risk Management, 1974.
➢  In reality, however, It is often very difficult to assign meaningful
values for P(t, v) and L(t, v).
➢ What is the true value of information?
➢ How do you determine the frequency of occurrence of a successfully
exploited vulnerability?
➢  Providers of cyber-risk insurance are developing/improving
actuarial information bases to quantify cyber-risks
➢  As the Cyber-risk insurance market matures risk models will
become more accurate in their predictive capability
Event July 15, 2015
This is not so easy to quantify

➢ Not necessarily
➢ Some entity has to exploit the vulnerabilities
➢ Are there any threats?
➢ What are threats and vulnerabilities anyway?
Event July 15, 2015
Does the presence of Vulnerabilities
imply that there is a material risk?

Event July 15, 2015
3. Threats

➢ Disclosure
➢ Snooping
➢ Deception
➢ Modification, spoofing (masquerading, identity theft),
repudiation of origin, denial of receipt
➢ Disruption
➢ Modification
➢ Usurpation: unauthorized control
➢ Modification, spoofing, delay, denial of service
Event July 15, 2015
Threats Classified by Potential
Security Violation

➢ Delay of access
➢ Denial of access
➢ Destruction
➢ Disclosure
➢ Modification
Event July 15, 2015
Threat Impacts on Information
➢ Threat types are not mutually exclusive and they can be
natural or man-made.
➢ Managers must act to mitigate risks no matter what the
source.

➢ The threat agent somehow acts to delay the
delivery or execution of information services
➢ A natural disaster cutting power or damaging a facility
➢ A malicious hacker interfering with the network
➢ A disgruntled employee deliberately slowing a critical
enterprise workload thereby reducing throughput
Event July 15, 2015
Delay

➢ An extreme form of Delay, where information
services are unavailable for an extended period of
time
➢ A “Distributed Denial of Service” (DDOS) Attack
➢ An animal falling into electrical equipment and thereby
taking out a part of the power grid
➢ An earthquake
Event July 15, 2015
Denial

➢ Information or resources are completely
destroyed.
➢ A Catastrophic fire, earthquake, tornado, etc.
➢ A computer virus reformatting the hard drive
➢ A hacker deleting files.
Event July 15, 2015
©2015 Televerage International
10
0
Destruction

➢ The classic INFOSEC threat. Exposing sensitive
information to unauthorized persons
➢ Military context: “Loose lips sink ships”
➢ An actor’s medical data exposed to the National Enquirer
➢ Consumer credit card numbers exposed to criminal
hackers
➢ Information ex-filtration
Event July 15, 2015
10
1
Disclosure

➢ The unauthorized changing of information.
➢ Possibly one of the more insidious problems as you may
not be aware of it as it is happening.
➢ A medical record incorrectly changed to show no penicillin
allergy.
➢ Geographic data subtly changed resulting in mission failure.
Event July 15, 2015
10
2
Modification

➢ Insiders used to be considered the primary threat.
This is changing
Event July 15, 2015
10
3
Insider Threat

Event July 15, 2015
10
4
4. Vulnerabilities

➢ Vulnerabilities are “weaknesses” in the target
that allow the threat agent to act
➢ Software flaws (e.g. buffer overflow)
➢ Weak or no passwords
➢ Incorrectly configured perimeter protection (firewalls)
➢ Poorly trained staff
➢ Human susceptibility to Social Engineering
Event July 15, 2015
10
5
Vulnerabilities to Computers and
Networks

➢ Most common is the “buffer overflow” flaw
Event July 15, 2015
10
6
Software Flaws
1…………….………….1024
1010100101…1010………1
Programmer expected 1024 input bits but fails to design the software to
incorporate a safety (bounds) check.
Code contained in this
area
Buffe
r

➢ Most common is the “buffer overflow”
Event July 15, 2015
10
7
Software Flaws
1…………….………….1024
1010100101…1010………
1110111010100101100001
0001010100100010010011
1110101010100101000001
1110101101001011101010
0011110101010101110100
1111000000000000110100
0111111101010101000010
1101001000010100100010
1111110101010010101010
101
Attacker feeds >>> 1024 input bits
And fills this area with
attacker’s own
executable code
Buffer
Overflow

Event July 15, 2015
10
8
5. Security Policies and Security
Mechanisms

➢ A Security policy says what is, and is not,
allowed
➢ This defines “security” for the site/system/etc.
➢ Can be in natural/machine-readable language, or within
a mathematical framework
➢ A Security mechanism (technical or procedural,
can use crypto) enforces policies. Also referred to
as Controls.
➢ Composition of security policies
➢ If policies conflict, discrepancies may create security
vulnerabilities
Event July 15, 2015
10
9
Policies and Mechanisms

➢ It is important to understand the difference
between the two concepts.
➢ Policy -> What
➢ Mechanism -> How
➢ An example
➢ Assuring Confidentiality is a policy statement
➢ Alternative mechanisms to support confidentiality
➢ Encryption of the information
➢ Physical protection of the information
Event July 15, 2015
11
0
Policy vs. Mechanism

➢ In the real world most security mechanisms are
broad
➢ The desired goal is for the collection of all the
mechanisms in a system to define a “precise”
overall mechanism
Event July 15, 2015
11
1
How about Security Mechanisms in
the Real World?

➢  Each mechanism should be designed to implement a part or
parts of the policy
➢  The union of all the mechanisms should implement all of the
policy
➢  The mechanisms must be implemented correctly
➢  The mechanisms must be installed, configured and
administrated correctly
Event July 15, 2015
11
2
In order To Trust Security
Mechanisms:

➢  Monitoring and management systems and tools
➢  Intrusion detection systems and tools,
➢  Encryption of data
➢  Anti-tamper mechanisms (e.g. cryptographic hash)
➢  Identification and authentication
➢  Firewalls and proxy servers
➢  Software virus detection tools
➢  Fault tolerant networks and components
➢  Vulnerability scanning tools
➢  Security policies procedures
➢  Secure software development tools
Event July 15, 2015
11
3
Examples of Security Mechanisms

Event July 15, 2015
11
4
6. Specific Countermeasures

Event July 15, 2015
11
5
Conceptual Foundations for Infosec
Best Practice =>Defense In Depth
115

Event July 15, 2015
11
6
Defense in Depth
Internet
WAN
LAN
Workstation
Workstation
LAN
Protect the
OS
Protect the
Communications
Protect the
Interface
Protect the
Physical
Environment
➢ Need to protect
➢ Information in transit
➢ Information at rest

Event July 15, 2015
11
7
Mobility vs Security
➢ User mobility significantly
increases the complexity of
securing information assets

Event July 15, 2015
11
8
Lockheed-Martin Cyber Kill Chain
Model
Remediation
Cost
Lowest
Highest

➢  Monitoring and management systems
➢  Intrusion and misuse detection systems
➢  Identification and authentication systems
➢  Firewalls and proxy servers (for both inbound AND outbound
connection activity)
➢  Software virus detection systems
➢  Fault/failure tolerant network design
➢  Application gateways
➢  Email spam filtering systems
Event July 15, 2015
11
9
Systems, Technologies, and Protocols
for Protecting the Enterprise
Boundary

➢  Monitoring and management systems and tools
➢  Intrusion detection systems
➢  Encryption of data (at rest and in transit)
➢  Anti-tamper mechanisms (cryptographic hashes)
➢  Fault tolerant network design (e.g. Hot Standby Router
Protocol – HSRP)
➢  Virtual LAN (VLAN) isolation
➢  Microsoft AD Domain isolation
Event July 15, 2015
12
0
for Protecting the Network
Infrastructure

➢  Monitoring and management systems
➢  Intrusion and misuse detection systems
➢  Identification and authentication
➢  Software virus detection tools
➢  Vulnerability scanning tools
➢  Security procedures
➢  Secure software development tools
➢  Fault tolerant components
Event July 15, 2015
12
1
for Protecting the Computer
Environment

01: Inventory of Authorized and Unauthorized Devices
02: Inventory of Authorized and Unauthorized Software
03: Secure Configurations for Hardware and Software on Mobile
Devices, Laptops, Workstations, and Servers
04: Continuous Vulnerability Assessment and Remediation
05: Malware Defenses
Event July 15, 2015
12
2
Council on Cybersecurity - Critical
Security Controls - Version 5

Event July 15, 2015
12
3
06: Application Software Security
07: Wireless Access Control
08: Data Recovery Capability
09: Security Skills Assessment and Appropriate Training to Fill Gaps
10: Secure Configurations for Network Devices such as Firewalls,
Routers, and Switches

Event July 15, 2015
12
4
11: Limitation and Control of Network Ports, Protocols, and Services
12: Controlled Use of Administrative Privileges
13: Boundary Defense
14: Maintenance, Monitoring, and Analysis of Audit Logs
15: Controlled Access Based on the Need to Know

Event July 15, 2015
12
5
16: Account Monitoring and Control
17: Data Protection
18: Incident Response and Management
19: Secure Network Engineering
20: Penetration Tests and Red Team Exercises

Against
➢  Confidentiality
➢  Integrity
➢  Availability
➢  Proof of Origin/Receipt
Event July 15, 2015
12
6
Summarizing – A View from 30,000 feet
Mechanisms (AKA
Countermeasures)
➢  Encryption
➢  Authentication
➢  Physical Security
➢  Hardware Protection
➢  Software Protection
➢  Administrative Protection

Event July 15, 2015
12
7
7. The role of trust in
Information Security

➢ We Really can’t do that precisely.
➢ We talk about assurance as a measure of trust,
but that only transfers the problem
➢ Consider food product safety where trust is
achieved by means of a collection of methods,
practices, etc.:
➢ Testing and certification
➢ Manufacturing standards
➢ Safety seals
Event July 15, 2015
12
8
How do we measure trust?

➢  All security policies and mechanisms have assumptions
➢ Sometimes these are explicit
➢ Sometimes these are implicit
➢  Example: Locks and picks
➢  Universal assumptions
➢ The policy can correctly and unambiguously partition the policy
universe into “secure” and “non-secure” states.
➢ The mechanism can enforce the policy
Neither of these assumptions are necessarily valid in
every case
Event July 15, 2015
12
9
Trust Assumptions

Underlie all aspects of security, we assume that:
➢  Policies
➢ Unambiguously partition system states into those which are
secure and nonsecure
➢ Correctly capture security requirements
➢  Mechanisms
➢ Together enforce/implement policy (i.e. prevent entry into a
nonsecure state)
➢ Are implemented, installed and administered correctly
Event July 15, 2015
13
0
Trust Assumptions

Event July 15, 2015
13
1
8. Assurance

What assurance doe we have that a system can be trusted?
➢  First: The specification
➢ Arises from a requirements analysis
➢ Is a statement of desired functionality
➢  Second: The design
➢ How system will meet specification?
➢  Third: The implementation
➢ Programs/systems that carry out design
➢ Difficult to prove correctness of implementation
All of the above affect the level of trust we will have in the system
Event July 15, 2015
13
2
Assurance

Event July 15, 2015
13
3
9. Operational Issues

➢  Cost-Benefit Analysis
➢ Is it cheaper to prevent or recover?
➢  Risk Analysis
➢ Should we protect something?
➢ How much should we protect this thing? (What is the
likelihood of a successful attack?)
➢  Laws and Customs
➢ Are the desired security measures illegal or unethical thereby
limiting their utility?
➢ Will the enforcers perform them?
Event July 15, 2015
13
4
Operational Issues

Event July 15, 2015
13
5
10.Human Issues

➢ Organizational Problems
➢ Power and responsibility
➢ Financial benefits
➢ People problems
➢ Outsiders and insiders
➢ Social engineering attacks
Event July 15, 2015
13
6
Human Issues

➢ Sharing passwords
➢ “Social engineering”
➢ Maintenance
➢ Failure to update computer virus signatures
➢ Failure to install patches
Event July 15, 2015
13
7
The People Problem

Event July 15, 2015
13
8
11. Sources of Additional
Information

Event July 15, 2015
13
9
Sources of Additional Information
➢ SANS Institute - Internet Storm Center
http://isc.sans.org/diary.html?storyid=7027
➢ SANS Institute – Critical Security Controls
https://www.sans.org/critical-security-controls/
➢ US Computer Emergency Response Team (US-CERT)
https://www.us-cert.gov/
➢ Krebs on Security
http://krebsonsecurity.com/

Event July 15, 2015
14
0
Thank You!

The
EvoluCon
of
DAS
Ownership

Panelists

Dennis
Rigney

Vice
President
of
Sales

SOLiD

Presented
by
SOLiD

Chief
Alan
Perdue

ExecuIve
Director

Safer
Building
CoaliIon

Mike
Collado

Vice
President
of
MarkeIng

SOLiD

Pete
Dawson

Strategy,
Research
and
Design

Engineering

Sprint

David
Fox

Director
of
Business
Development

American
Tower

Moderator

NEDAS Toronto:
The Art of Development
September 29th
What’s
Up
Next?

LocaCon

•  Venue

–  2nd
Floor
Events

461
King
St
w

Toronto,
ON
M5V
1K4

•  Hotel
Room
Block

–  Toronto
Marriok

Eaton
Centre
Hotel

Who
Should
Akend?

Public Safety
Construction Engineer Manufacturing Engineer
LegalTelecommunications Vendors
Finance Real Estate
Government & City OfficialsArchitects
Carriers
Engineer

•  Create
new
opportuniCes

•  RelaConship
and
business
development

•  New
tools
and
resources
to
enhance
business

opportuniCes
Theme:
The
Art
of
Development

•  125+
Akendees

•  Half-‐day
full
of
panel
discussions

•  Meet
and
greet
networking
recepCon

•  Exhibits
and
Table
Top
Displays

•  NEDASConnect
App

*NEW*

What
Can
You
Expect?

•  Reach
over
4,000+
industry
connecCons

•  Limited
sponsorship
opportuniCes
include:

–  *Exclusive
NEDASconnect
App

–  MarkeCng
tabletop/exhibits

–  Charging
staCon

–  And
more!

•  Contact:
info@northeastdas.com

Sponsorship
OpportuniCes

For
more
informa8on
visit:

www.nedas.com

#NEDASBoston

and
now

#NEDASToronto

NEDAS Boston Workshop Presentations - July 15, 2015

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (20)

Similaire à NEDAS Boston Workshop Presentations - July 15, 2015

Similaire à NEDAS Boston Workshop Presentations - July 15, 2015 (20)

Plus de Ilissa Miller

Plus de Ilissa Miller (20)

Dernier

Dernier (20)

NEDAS Boston Workshop Presentations - July 15, 2015