Richard Gurdak

1
Service Providers and Lawful Intercept

• Richard Gurdak
• International Development
• Blue Ridge Networks

2
Business Demands for Computing

• Authorized access to any data, anywhere, anytime.
• Networks utilizing more business friendly
  technologies such as 3G, 4G, WiMaX , Virtual
  Ethernet Networks and network components which
  can compute at increasingly faster speeds will
  exceed the past benefits of computer technology.
• These technologies produce flexibilities and
  efficiencies which organizations, both network
  providers and customers, use to provide more
  solutions with minimal growth in Network Capital.

3
Do More with Less

• Over the past 20 years the performance of the PC
  has increased over 600 Fold (from 6 MHz to 4.0
  GHz) while energy consumed by the system is
  largely unchanged.
• Since the transistor was introduced 40 years ago
  the size has been reduced by 104, power
  consumption by 105 and costs reduced by over 109

4
PC Hard Disc Capacity
5
Exponential Growth
6
Wireless Data Device Price Performance

• Like getting 3 million miles per gallon.

7
Storage Media Price Performance

• Store the Library of Congress collections for
  1,000.

8
The Universal Business Network
9
Any to Any

• Now 10,000,000,000 times more valuable!!!

10
Network Security and Lawful Intercept

• Responsibility to meet LI Requirements
• Local Communications Provider working with the
  Law Enforcement Agencies (LEAs)
• Complexity increased by technology (Mobile, VoIP,
  Encryption)
• Almost all countries have LI requirements and
  have adopted global LI requirements and standards
  developed by the European Telecommunications
  Standards Institute (ETSI) organization. In the
  USA, the requirements are governed by the
  Communications Assistance for Law Enforcement Act
  (CALEA).
• Overlay/Service/Network Manufacturers
• No LI Requirements, but practical considerations

11
Risks associated with LI

• LI systems may be subverted for illicit purposes.
  (Greece 2004)
• Access Point created for gaining private
  information.
• Malicious or inadvertent loss of data

12
Trust as a foundation

• Customers (ISPs, Telcos and end users) use
  Network Products because they trust the product
  will deliver good service at a competitive price
• Network Security products add Trust to the
  expectations.
• Obligation of the Network device/service
  manufacturer is to create the best, most secure,
  product. Meeting LEA requirements is the
  responsibility of the Licensed Operator
  in-country.

13
Providing a Secure Product

• U.S. Security/Encryption companies are subject to
  U.S. export regulations that limit, to a small
  degree, where and to whom products can be sent.
• U.S. law does not require Security/Encryption
  companies to alter encryption products in any way
  for export.
• U.S. law does not limit the use of
  Security/Encryption products within the U.S. or
  the use of products by U.S. entities anywhere in
  the world.

14
Blue Ridge

• By design, our products do not provide any means
  of divulging a traffic encryption key. Not to
  Blue Ridge, not to end-users, and therefore not
  to any government. It is not possible with Blue
  Ridge VPN products to insert a traffic encryption
  key either. All traffic keys are dynamically
  generated using a secure Diffie-Hellman key
  agreement protocol that creates a unique key for
  each session. No one has been able to propose a
  robust way of providing a "key escrow" mechanism
  that does not introduce significant security
  vulnerabilities for all parties.
• There are no "back door" features in our
  products.

15
VPN and LI and Blue Ridge

• It is Blue Ridges position that Lawful Intercept
  of traffic over our products or services would be
  performed at some point in the network where
  cleartext traffic is naturally available. Our
  products, and other VPN/Security products, can be
  configured to provide a cleartext intercept point
  but we have never been asked to do so.
• Even in this event, only the LEA, working via the
  Local Licensed Provider would be able to perform
  the intercept. Not Blue Ridge, nor the customer.

16
Security Products and Services

• Secure Virtual Ethernet Service
• Cost effective private communications over public
  networks
• Supports voice, video and data applications
• Works with any carrier broadband services
• Available as a fully managed service or supported
  product suite
• EdgeGuard End-Point Risk Mitigation
• Enforcement of enterprise security policy for
  fixed and mobile Windows computers
• Auditing of policy compliance
• Discovery of security related risk factors
• Available as a fully managed service or supported
  product suite

17
Secure Virtual Ethernet Service

• Any-to-any, full mesh, enterprise connectivity
• 100 end-to-end security
• Unicast and Multicast
• Any wired or wireless networks
• DSL, Cable Modem, E1, etc.
• Cell wireless, satellite, WiMax
• Any Data applications and Protocols
• Any VoIP applications
• Any IP Video applications
• Anywhere on the globe

18
SVES Deployment
SVES creates a complete end to end private and
secure network on the global Internet.
Enterprise HQ
Enterprise
Regional Office
Internet
Remote workstation
Branch Office
Secure Mobile Office
19
Why Blue Ridge for Security

• A company dedicated to security products and
  services for over 10 years.
• All products are independently certified for
  security features.
• Common Criteria
• NIST FIPS 140-2 level 2
• No reported vulnerabilities in 14 years of use by
  demanding customers.
• Currently providing managed security services in
  39 countries.

20

• Thank You