|Network Management Zone|
Security in Network and Element Management Systems: Genband, Motorola and L-3 Communications Style
Security is getting enormous attention these days and it’s easy to understand why. Selling into carriers and government is big business and architecting and building secure management systems is essential.
In this blog, I’ll discuss a few representative NMS/EMS use cases and cover the three key security layers required in management systems: Authentication, Authorization and Audit (AAA), device-to-application communication, and the sometimes forgotten layer of inter-system communications.
The First Layer of NMS/EMS Security: AAA
NOC security usually assumes a good physical security system is already in place. You would see the guard station with the security cameras and maybe see a biometric entry mechanism, but once you are in the facility, it is all about the management system software.
The first layer of NMS/EMS security is generally around AAA or Authentication, Authorization, and Auditing.
Authentication is accomplished through a challenge-handshake mechanism where the credentials of the user are verified using a three-way handshake. The passwords are never sent across to the authentication module; rather a one-way-hash (called key) is used. This provides protection against playback attack using an incrementally changing identifier and a variable challenge value. Polices with strong password rules or the use of tokens can also be employed.
Once the user gets authenticated, he or she is given authorization for access control. Support for user groups provides a mechanism to collectively associate access rights to a set of users. Also, it is not sufficient to just tie up the access rights of a user with the operation performed. Hence, it becomes necessary to have a framework where the permissions are associated with the subsets of objects concerned with the application. This in turn delivers fine-grained access control. The authorization policy is designed with "Fine-Grained Access Control" as the focus. With a vast number of operators using the application, it’s essential that each one works within the allowed space.
Considering the complexity of applications, the Access Control Policy should have the flexibility to define access rights of a user to operate on a subset of objects that the applications work with. The security service achieves this by defining a set of authorized views called scopes. These authorized scopes consist of sets of properties associated with the user operations. Thus, managed object properties such as network, IP address, node, type, etc., are used in authorized views to control the access of the users to a specific type of device within a given IP range in a specified network. Database access or device configuration access may be limited to a few operators as well.
Auditing is about monitoring what the user does from the moment they sign in including the time and status of operation performed. This enables the network administrator to take necessary steps when an unauthorized execution is attempted by any user. Not only for security purposes, audit controls are extremely useful for debugging issues, for they allow you to determine what users were on the system before, during and after an incident so you can reverse engineer problems.
The second layer of NMS/EMS protection is securing communications between the management application and devices across various protocols.
Of course, the first thing people think about are the various encryption standards. In the telecom business, the most common is SNMP v3 that can support SHA, MD5 or DES encryption algorithms. In the government and military space, SNMP v3 with AES encryption as defined and in some cases, mandated by the National Security Agency (NSA).
Besides the secure protocol layers, the management system has various infrastructure components, each looking through various ports. The management system should be flexible enough to be able to assign non-standard port configurations, harden the system by design and be able to monitor port activity.
The Third Layer: Inter-System Communication and Server Security
In the past, people figured that AAA and securing the device to the app pipe was sufficient protection. But to be truly secure today, inter-system communication is also vital.
The NMS/EMS can be deployed in various environments where it needs to support different data stores depending on the requirements. Different data stores like Relational Database, XML, LDAP, NDS, etc., can be integrated. The security module provides administrative interfaces to configure the data store.
In addition, an NMS/EMS can operate across several IT architectures. For instance, the back-end server, database server and a presentation-layer server are often components running on different hardware. Server-to-client communication and database access need to be secure by using SSL or secure RMI (Remote Management Interface). Remote access is set up via HTTPS.
Then, the physical server environment must be hardened. Several steps are involved, such as: ensuring OS patches are up to date; tuning the OS to stop unwanted services running in the system; removing unwanted user accounts; setting a short timeout value for the root account; setting BIOS passwords; and setting automated notification triggers when a list of commands is executed or when system files are modified. Often overlooked, the checking third-party software component configurations are also key.
Here are three representative cases in telecom, military and mobility apps to show how security is being applied in management systems.
Telecom Systems – GENBAND, an innovator in carrier VoIP systems deployed in Tier 1 carriers such as Verizon, views security as essential and a key differentiator. To harden its management system, GenView, GENBAND typically secures NMS-to-NE communications with protocols such as SSH, SFTP, IPsec and SNMPv3 – depending on customer requirements.
AAA is achieved via a RADIUS-supported central security server with configurable password-reset policies. The central security server can also be integrated into the customer AAA system using standard protocols such as Radius and LDAP. Single Sign On (SSO) is provided when launching applications within GenView. Alternatively, the app can be accessed remotely via HTTPS.
Other GENBAND security measures include: pushing performance data via secure FTP, hardening the OS, using restricted ports, conducting periodic vulnerability scans, developing rules to better manage loads, and enforcing rigorous backup/restore procedures to protect data from being corrupted.
Military Grade – An expert in military-grade security, L-3 Communications deploys Type-1 voice/data over IP technologies for governments around the world. L-3’s management system uses many of the same secure infrastructures as commercial carriers, but also supports High Assurance Internet Protocol Encryptor (HAIPE), a National Security Agency-certified technology.
HAIPE is encrypted utilizing Advanced Encryption Standard (AES) algorithms over SNMP v3. The security aspects of L-3’s management platform encompass access control, authentication, data integrity and end-to-end network traffic protection with dual IPv4/IPv6 encryptor capabilities. From a network management point of view, its NMS features real-time equipment fault and performance status, network provisioning and automated policy changes.
L-3 also performs extensive security level checking with an emphasis on device-to-device authentication, audit logging, secure remote software updates, and access control lists. The system is also hardened to operate in extreme temperatures in the range of -40 degrees C to 60 degrees C. The system is also built to withstand vibration/shock, sand, salt and other harsh environments that you don’t want to be in.
Mobile Intelligence & Public Safety – Motorola Solutions ASTRO and Public Safety LTE are leaders in the world of secure, real-time voice/data network for emergency response and mobile intelligence. Their systems, which service local fire/police and state governments, employ end-to-end AES over SNMPv3 for protocol message integrity and authentication. Similar to mil-spec, these systems are rugged, mission-critical and need to be managed via a central console.
These Motorola systems allow operators to troubleshoot faults and remotely configure/optimize system parameters. Since the systems are deployed for government agencies, they comply with FIPs 140-2, a government computer security standard. These days, Motorola Public Safety is moving beyond on-premise systems to managed services and a cloud core offering with guaranteed service levels.
As our brief uses cases show, security is a complex problem area that defies easy answers. Carrier and governmental security requirements are high, yet this has been done before and can be economically accomplished with the right tools and procedures.
Eric Wegner is a 20-year veteran of the industry and has 10 years of experience with ZOHO Corp . (formerly AdventNet) working on large and complex network management infrastructures for network equipment manufacturers, service providers and military contractors. Eric joined the company as the first sales person and is now business development manager leading the WebNMS division in North America.