• Understand challenges for providing reliable and secure TETRA network operation
• Choose relevant requirements for your TETRA network
• Establish questions and criteria to evaluate vendor expertise and solutions
• Mitigate risks for availability, security and continuity
SCOPE
• Functionality
• Performance
• Scalability - Capacity
• Availability - Reliability - Coverage
• Security
• Continuity
REQUIREMENTS
• Definition of Availability
  • Availability in Time & Place (coverage)
• Availability versus Reliability
  • Availability calculation (MTBF, MTTR)
• Increase availability by…
  • System redundancy
  • Link redundancy
  • Component redundancy
  • Coverage redundancy
  • Local Site Fallback
  • Direct Mode
AVAILABILITY
• System redundancy
  • Synchronization, Activation, Recovery > Expected Outage
• Link redundancy
  • Physical links, Protocols > Expected Outage
AVAILABILITY
[Figure: Main SwMI and Standby SwMI; base stations BS1 to BS7; links: Ethernet; E1, DSL, Fiber, ...; main path and standby path to BS4]
• Coverage
  • Coverage planning
  • Drive tests
  • Special Coverage Locations
  • Continuous coverage reporting
AVAILABILITY
• Security risks
  • Eavesdropping – Air interface, Fixed network, Control room
  • Traffic analysis – Identities, Movements, …
  • Denial of Service – Air interface, Fixed network
  • Compromised base station – Sensitive key material
  • False base station – Take control of valid users
  • Unauthorized user access – Eavesdropping, Disinformation, Fraud
  • System disruption – System or site unavailability
SECURITY
• TETRA security
  • Class 2 Air Interface Encryption – SCK
  • Class 3 Air Interface Encryption – DCK, CCK
  • Class 3G Air Interface Encryption – GCK
  • (Mutual) Authentication
  • End-to-End Encryption
SECURITY
• System security
  • System hardening – Reduce “surface of vulnerability” (services, ports, …)
  • Access security – Encryption and (two-factor) user authentication
  • Security auditing – Logging of access and command execution
  • Security patches – Resolve known vulnerabilities
SECURITY
• Network security
  • Physical security – Fences, Access control, Alarms
  • Cyber security – Firewall, Intrusion detection, Virus & Malware interception
  • Admin access – VPN, (two-factor) User authentication
  • Network access – VLAN, ACL, EAP
  • Link encryption – IPsec, MACsec
  • Security auditing – RADIUS, Syslog
SECURITY
• Continuity risks
  • Failures – How to deal with hardware and software failures
  • Complaints – How to pro-actively solve user complaints
  • Expansion – How to ensure expansions within budget
  • Support – How support can be provided securely and effectively
  • Lifecycle – How to deal with hardware and software obsolescence
  • Vendor – How to ensure long-term vendor relations
CONTINUITY
• Failure mitigation
  • Component Failures – Spares, Repairs
  • System Failures – Backup, Restore, Disaster recovery
  • User Complaints – Logging, Statistics, Analysis, Reporting
CONTINUITY
• Business mitigation
  • Expansion – Scalability, Cost (Hardware, Licenses)
  • Support – Ease of configuration, Remote support, Service Level Agreements, Cost
  • Lifecycle – Software releases, (Security) patches, End-of-Life Notices, Escrow
  • Vendor – Profitability, Strategy, Commitment
CONTINUITY