Steven H. Richman

A brink of failure and breach of security detection and recovery system

In todays complex networks, a series of seemingly unrelated and minor events over an extended time period can escalate to catastrophic failure as well as alter the networks security posture. The interactions between these events are too subtle and occur over too long a time for people to recognize and respond to the impending outage or security vulnerability. This paper presents a new concept termed “brink of failure” and demonstrates its relationship to network security. The paper describes an automated Brink of Failure (BOF) and Breach of Security (BOS) Detection and Recovery System that correlates network events to recognize and diagnose BOF conditions and their impact on the networks security posture and also suggests remedial actions. All information is provided on a single display that can be integrated into network operations centers. Scenarios that demonstrate how this system can be used to proactively predict and prevent network outages are also identified.

A framework for ensuring network security

The current focus of network security is concerned with securing individual components as well as preventing unauthorized access to network services. While these are necessary concerns, they do not represent a complete view of network security. In this paper, we present the Lucent Network Security Framework, which provides a comprehensive, top-down, end-to-end perspective on network security. We show how this framework can be applied to network elements, services, and applications including detecting, correcting, and preventing security vulnerabilities. In addition, we demonstrate how the Network Security Framework can be applied to all types of networks and across all layers of the protocol stack. This framework has been submitted to several government and standards bodies (e.g., ITU-T and ISO), and it has been very well received. Service provider networks developed with attention to the Lucent Network Security Framework will have a comprehensive security architecture enabling new value-added revenue-generating security services such as security service-level agreements (SLAs).

Dynamic virtual private networks

Modifications to a virtual private networks (VPNs) topology, security, service provisioning options, or quality of service (QoS) typically require an end-user request to their service provider, whose personnel currently perform the VPN management. This process incurs more provisioning delay and is more costly than user self-provisioning. This paper presents a new service approach and dynamic virtual private network (D-VPN) technology that marries VPNs with directory enabled networking and Web-based subscriber service selection. It places VPN management into the hands of the user to produce instantaneous results, lowering service-provider operations costs, and subsequently reducing the cost to the end user. The paper also describes the target architecture and framework as well as the initial types of services that could be supported by D-VPN technology.3

Enterprise VoIP Reliability

This paper presents VoIP reliability design methods and tools that have been used successfully in our work. It is based on the standards-driven architectural requirements for an enterprise VoIP network. Lucents Accelerate Enterprise Solution (AES) is chosen as a particular example of a flexible enterprise VoIP network that is used both as an in-house enterprise VoIP solution and as an hosted IP telephony service. This paper discusses an enhanced method and procedure of the reliability calculation, using a network matrix-representation. This approach allows for easier modeling setup and calculations as well as offering quick discussion on design alternatives with customers. The modeling methodology is characterized by its flexibility to fit different architectures, i.e. from a simple reference-connection to a complex multi-path network. Typical VoIP requirements and benchmarks are discussed and compared to the modeling results. The observations highlight the challenges that a typical enterprise VoIP network encounters. This reliability modeling work is an integral part of the reliability service level agreement (SLA) framework. A discussion of the risk for the design of SLA is also presented. The paper concludes by discussing the impact of network security on the network availability, which is an area where industry needs to pay attention

Optimal availability and security for IMS-based VoIP networks

Consumers are continuously looking for ways of improving their productivity, simplifying their tasks, and streamlining communications both domestically and globally. This has resulted in the need to support different applications and thus the ongoing process of migrating many network services from traditional circuit-switched networks to Internet Protocol (IP) to converged networks. The circuit-switched public switched telephone network (PSTN) was a closed network where cyber-security threats were not a major issue. With the advent of converged networks and IP-based services, service providers, government, and enterprises are concerned about the growing security threat. The new networks and equipment will be subject to many types of threats and their vulnerabilities may expose mission critical applications and infrastructure to risk. Realization of these threats can lead to service outage. Todays communications service provider must decide how to treat the effects of security breaches so as to minimize service downtime. This paper highlights a methodology, with examples to identify the effect of security-related failures and the critical design factors to be considered when modeling service reliability. The ITU-TX.805 standard (now also ISO standard 18028-2), based on the Bell Labs security model, is used to evaluate potential high impact threats and vulnerabilities. The analysis uses the Bell Labs domain technique known as security domain evaluation. One of the critical outputs provides a prioritized understanding of the threats the network is exposed to and the vulnerabilities in the security architecture. The next step in the methodology includes incorporating the threats (vulnerabilities) identified in a reliability model and quantifying the corresponding service degradation. In this paper, these concepts are applied to IP Multimedia Subsystem (IMS)-based VoIP (Voice over IP) networks. Using reliability metrics, our analysis shows that reliability models are optimistic if we do not consider security. We demonstrate how reliability models can be enhanced to take security issues into account and that the X.805 standard can be used to identify the security threats. Finally, the model shows the mitigation in downtime by including intrusion-tolerance features in the product and network design. Consideration of security-caused downtime will lead to increased focus on preventing security vulnerabilities that can lead to service outages and also allow service providers to save on maintenance costs.

The role of slas in reducing vulnerabilities and recovering from disasters

Many service providers and network operators offer service level agreements (SLAs) supporting various service dimensions, such as price, reliability, and performance, to their customers. SLAs are usually considered more of a luxury item today than a necessity. With the increased focus on homeland security, does it make sense to use security-type SLAs as a vehicle for the government to help secure national critical infrastructures and recover quickly from a disaster? Are network security SLAs a viable option as an umbrella to protect the basic critical infrastructures? This paper discusses (a) the need and value of technical SLAs, (b) SLAs available today and widely used in industry, (c) critical components and content of security SLAs, (d) examples of security SLA architectural design for critical national services, (e) examples of what an SLA can do for homeland security, (f) viability of implementing security SLAs based on the inherent value of security, and (g) improvements required in the future to realize security SLAs as a service provider offering.

Dynamic Changes in Subscriber Behavior and Their Impact on the Telecom Network in Cases of Emergency

The telecommunication network is recognized by the federal government as one of the critical national infrastructures that must be maintained and protected against debilitating attacks. We have previously shown how failures in the telecommunication network can quickly lead to telecommunication congestion and to extended delays in successful call completion. However, even if the telecom network remains fully operational, the special telecommunication demands that materialize at times of emergencies, and dynamically change based on subscriber behavior, can also adversely affect the performance of the overall telecommunication network. The network simulation modeling and analysis research tool (N-SMART) has been developed by Bell Labs as part of its work with the National Infrastructure Simulation and Analysis Center. This center is a joint program at Sandia National Laboratories and Los Alamos National Laboratory, funded and managed by the Department of Homeland Securitys (DHS) Preparedness Directorate. N-SMART is a discrete event (call level) telecom model that simulates capacities, blocking levels, retrials, and time to complete calls for both wireline and wireless networks. N-SMART supports the capability of simulating subscriber reattempt behaviour under various scenarios. Using this capability we show how the network can be adversely impacted by sudden changes in subscriber behavior. We also explore potential solutions and ways of mitigating those impacts

Network Planning of Broadband Wireless Networks

To deploy broadband networks, service providers, such as competing local exchange carriers, need robust plans for providing various types, amounts, and locations of services at competitive prices. Broadband networks generally consist of an access component (wireless access), a concentration component (a wireless aggregation point or hub), a service routing or distribution component (a central office or metro switch), and various combined or separate distribution components (a long-haul backbone data or voice network). Because access, aggregation, and routing or distribution vary greatly in requirements, we developed a method and platform for planning the components of fixed-wireless-broadband (FWB) systems for local loop access. We have helped various service providers to analyze and design many networking scenarios using our methods. The service providers have used these scenarios and their predicted financial outcomes to plan FWB access networks tailored to meet their marketing and financial goals. By implementing our method, one service provider has improved its planning process, achieved a competitive advantage in its markets, and increased its annual service revenues by tens of millions of dollars.

Power, telecommunications, and emergency services in a converged network world

Critical national infrastructures for power, emergency services, finance, and other basic industries rely heavily on information and telecommunications networks (voice, data, Internet) to provide services and conduct business. While todaypsilas legacy networks tend to be highly reliable, tomorrowpsilas converged networks may be less reliable and outages can have cascading effects to other infrastructures. This paper describes a dynamic simulation model of power outages on converged networks which cascades to impact telecommunication for services with limited power back-up, which cascades to impact emergency services (911 or 112 calling).