Trade Shows
September 3, 2002
Curtain Raiser: Telecom Security India 2002
Security: an important infrastructure area
Anuja Mathur
The worldwide growth of telecommunication networks,
as well as their integration with other open-network
technologies such as the Internet, has led to the increase
of universal connectivity and availability of new network
services. Security in telecommunication networks has
become a major concern as new threats have to be
dealt with in very large-scale networks.
Security, as an important infrastructure area, will be highlighted
at the upcoming international conference on Telecom
Security India 2002, on September 25-26, 2002 at Le
Meridien, New Delhi, India. Organized by Convergence
Plus, the event will bring together international experts,
researchers, implementers, and users of network and
distributed system security technologies to discuss
important issues and challenges.
The conference provides a mix of technical papers and panel
presentations describing promising new approaches to
security problems. The conference provides a platform
where fruitful partnerships will be formed among government
and innovators in the private sector to explore new
ways of curbing the global telecom security challenge.
Various security tools like auditing, authentication, Kerberos,
pluggable authentication module (PAM), public key infrastructure
(PKI), smart card, secure socket layer (SSL), virtual
private networks (VPNs) and firewalls will be extensively
discussed.
Telecom Security India 2002 will have informative sessions on:
- Security threats for broadband access networks;
- Security for wireless communications and threats to 2.5G and 3G wireless networks;
- Encryption security: PKI, certification and allied issues;
- Security issues associated with voice and video over IP;
- Mobile application security;
- Legal issues and IT act: Intellectual property rights (IPRs); and
- Optical network security threats.
Security initiatives can be developed through a planning process
that incorporates network architecture and business-process
reviews, application audits, user training and system
analysis. It involves tasks like vulnerability testing/risk
assessment, intrusion detection and packet filtering.
The network faces threats from both internal and external
hackers. Security authorizations, authentication and
administration (3As) become imperative for all transactions.
Although precautions can be taken to detect an unauthorized user,
it is extremely difficult to determine if a valid user
is purposefully doing something malicious. Someone may
have valid access to an account for updating, but determining
whether phony numbers are entered requires more processing.
The bottom line is that effective security measures
are always a balance between technology and personnel
management.
Security products and processes also need to get pushed as close
as possible to users. That means building security deeper
into networks than is seen today -- more firewalls between
departments, security software on desktops, more user
training and a greater focus on access control.
Further, traditional network security takes the perspective of
"What are we trying to protect?" and "Whom
are we trying to protect it from?" If an organization
does its planning, it knows that the answers depend
on the value of its data. However, those two perspectives
say nothing about what kind of access, and by whom,
should be permitted.
Programs and data can be secured by issuing identification numbers
and passwords to authorized users. However, systems
programmers, or other technically competent individuals,
will ultimately have access to these codes. In addition,
the password only validates that a correct number has
been entered, not that it is the actual person. Biometric
techniques (using fingerprints, eyes, voice, etc.) are
a more secure method.
The attitude of Indian corporates toward security is reactive
rather than proactive, and is often an afterthought.
A firm takes security seriously, but invests in security
solutions only after a virus or a hacker has affected
it. The exceptions to this are companies that adhere
to quality standards, service-oriented organizations,
and those that need to abide by RBI regulations.