ETSI TS 133 117-2017 Universal Mobile Telecommunications System (UMTS) LTE Catalogue of general security assurance requirements (V14 2 0 3GPP TS 33 117 version 14 2 0 Release 14).pdf

1、 ETSI TS 133 117 V14.1.0 (2017-05) Universal Mobile Telecommunications System (UMTS); LTE; Catalogue of general security assurance requirements (3GPP TS 33.117 version 14.1.0 Release 14) TECHNICAL SPECIFICATION ETSI ETSI TS 133 117 V14.1.0 (2017-05)13GPP TS 33.117 version 14.1.0 Release 14Reference

2、DTS/TSGS-0333117ve10 Keywords LTE,SECURITY,UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice

3、 The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorizati

4、on of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be awa

5、re that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following se

6、rvices: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version

7、shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2017. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered

8、 for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit of its Members GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ET

9、SI TS 133 117 V14.1.0 (2017-05)23GPP TS 33.117 version 14.1.0 Release 14Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and

10、non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/).

11、Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present

12、 document. Foreword This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP). The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. These should be interpreted as being refere

13、nces to the corresponding ETSI deliverables. The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under http:/webapp.etsi.org/key/queryform.asp. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“

14、, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 133 117 V14.1.0 (2017-05)33GPP TS 33.117 vers

15、ion 14.1.0 Release 14Contents Intellectual Property Rights 2g3Foreword . 2g3Modal verbs terminology 2g3Foreword . 5g31 Scope 6g32 References 6g33 Definitions and abbreviations . 6g33.1 Definitions 6g33.2 Abbreviations . 7g34 Catalogue of security requirements and related test cases . 7g34.1 Introduc

16、tion 7g34.1.1 Pre-requisites for testing . 7g34.1.2 Use of tools in testing . 7g34.1.3 Documentation Requirements . 8g34.2 Security functional requirements and related test cases . 8g34.2.1 Introduction. 8g34.2.2 Security functional requirements deriving from 3GPP specifications and related test cas

17、es 8g34.2.2.1 Security functional requirements deriving from 3GPP specifications general approach . 8g34.2.3 Technical baseline. 9g34.2.3.1 Introduction . 9g34.2.3.2 Protecting data and information 9g34.2.3.2.1 Protecting data and information general . 9g34.2.3.2.2 Protecting data and information Co

18、nfidential System Internal Data . 9g34.2.3.2.3 Protecting data and information in storage 10g34.2.3.2.4 Protecting data and information in transfer 11g34.2.3.2.5 Logging access to personal data 12g34.2.3.3 Protecting availability and integrity 12g34.2.3.3.1 System handling during overload situations

19、 12g34.2.3.3.2 Boot from intended memory devices only . 13g34.2.3.3.3 System handling during excessive overload situations 14g34.2.3.3.4 System robustness against unexpected input. 15g34.2.3.3.5 Network Product software package integrity. 16g34.2.3.4 Authentication and authorization 17g34.2.3.4.1 Au

20、thentication policy 17g34.2.3.4.2 Authentication attributes 20g34.2.3.4.2.1 Account protectionby at least one authentication attribute. . 20g34.2.3.4.3 Password policy . 23g34.2.3.4.4 Specific Authentication use cases 30g34.2.3.4.5 Policy regarding consecutive failed login attempts . 31g34.2.3.4.6 A

21、uthorization and access control . 33g34.2.3.5 Protecting sessions 35g34.2.3.5.1 Protecting sessions logout function 35g34.2.3.5.2 Protecting sessions Inactivity timeout 35g34.2.3.6 Logging . 36g34.2.3.6.1 Security event logging . 36g34.2.3.6.2 Log transfer to centralized storage 38g34.2.3.6.3 Protec

22、tion of security event log files . 39g34.2.4 Operating systems . 40g34.2.4.1 General operating system requirements and related test cases 40g34.2.4.1.1 Availability and Integrity. 40g34.2.4.1.2 Authentication and Authorization 44g34.2.4.2 UNIX specific requirements and related test cases 46g34.2.4.2

23、.1 General 46g34.2.4.2.2 System account identification 46g3ETSI ETSI TS 133 117 V14.1.0 (2017-05)43GPP TS 33.117 version 14.1.0 Release 144.2.5 Web Servers 46g34.2.5.1 HTTPS 46g34.2.5.2 Logging . 47g34.2.5.2.1 Webserver logging . 47g34.2.5.3 HTTP User sessions 47g34.2.5.4 HTTP input validation. 49g3

24、4.2.6 Network Devices 50g34.2.6.1 Protection of Data and Information . 50g34.2.6.2 Protecting availability and integrity 50g34.2.6.2.1 Packet filtering. 50g34.2.6.2.2 Interface robustness requirements . 51g34.2.6.2.3 GTP-C Filtering . 51g34.2.6.2.3 GTP-U Filtering 54g34.3 Security requirements and r

25、elated test cases related to hardening 56g34.3.1 Introduction. 56g34.3.2 Technical Baseline 56g34.3.2.1 No unnecessary or insecure services / protocols . 56g34.3.2.2 Restricted reachability of services . 58g34.3.2.3 No unused software . 59g34.3.2.4 No unused functions 61g34.3.2.5 No unsupported comp

26、onents . 62g34.3.2.6 Remote login restrictions for privileged users. 63g34.3.2.7 Filesystem Authorization privileges 64g34.3.3 Operating Systems 65g34.3.3.1 General operating system requirements and test cases 65g34.3.3.1.1 IP-Source address spoofing mitigation 65g34.3.3.1.2 Minimized kernel network

27、 functions . 67g34.3.3.1.3 No automatic launch of removable media . 71g34.3.3.1.4 SYN Flood Prevention 72g34.3.3.1.5 Protection from buffer overflows 73g34.3.3.1.6 External file system mount restrictions . 75g34.3.4 Web Servers 75g34.3.4.1 General 75g34.3.4.2 No system privileges for web server . 76

28、g34.3.4.3 No unused HTTP methods 76g34.3.4.4 No unused add-ons 77g34.3.4.5 No compiler, interpreter, or shell via CGI or other server-side scripting 78g34.3.4.6 No CGI or other scripting for uploads. 79g34.3.4.7 No execution of system commands with SSI 79g34.3.4.8 Access rights for web server config

29、uration . 80g34.3.4.9 No default content . 81g34.3.4.10 No directory listings 81g34.3.4.11 Web server information in HTTP headers 82g34.3.4.12 Web server information in error pages 83g34.3.4.13 Minimized file type mappings. 83g34.3.4.14 Restricted file access . 84g34.3.4.15 Execute rights exclusive

30、for CGI/Scripting directory . 85g34.3.5 Network Devices 86g34.3.5.1 Traffic Separation . 86g34.4 Basic vulnerability testing requirements 86g3Annex A (informative): Change history . 92g3History 93g3ETSI ETSI TS 133 117 V14.1.0 (2017-05)53GPP TS 33.117 version 14.1.0 Release 14Foreword This Technical

31、 Specification has been produced by the 3rdGeneration Partnership Project (3GPP). The contents of the present document are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the

32、 TSG with an identifying change of release date and an increase in version number as follows: Version x.y.z where: x the first digit: 1 presented to TSG for information; 2 presented to TSG for approval; 3 or greater indicates TSG approved document under change control. y the second digit is incremen

33、ted for all changes of substance, i.e. technical enhancements, corrections, updates, etc. z the third digit is incremented when editorial only changes have been incorporated in the document. ETSI ETSI TS 133 117 V14.1.0 (2017-05)63GPP TS 33.117 version 14.1.0 Release 141 Scope The present document c

34、ontains objectives, requirements and test cases that are deemed applicable, possibly after adaptation, to several network product classes. It has been recognized that several network product classes will share very similar if not identical security requirements for some aspects. Therefore, these are

35、 collected in this “catalogue“ document applicable to many network product classes. In addition to this catalogue, requirements specific to different network product classes will be captured in separate documents. 2 References The following documents contain provisions which, through reference in th

36、is text, constitute provisions of the present document. - References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific. - For a specific reference, subsequent revisions do not apply. - For a non-specific reference, the latest version applie

37、s. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document. 1 3GPP TR 21.905: “Vocabulary for 3GPP Specifications“. 2 3GPP TR 41.001: “GSM Specification set

38、“. 3 IETF RFC 3871: “Operational Security Requirements for Large Internet Service Provider (ISP) IP Network Infrastructure“. 4 3GPP TR 33.926: “Security Assurance Specification (SCAS) threats and critical assets in 3GPP network product classes“. 3 Definitions and abbreviations 3.1 Definitions For th

39、e purposes of the present document, the terms and definitions given in 3GPP TR 21.905 1 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in 3GPP TR 21.905 1. Machine Accounts: These will be used for authentication and auth

40、orization from system to system or between applications on a system and cannot be assigned to a single person or a group of persons. Personal data: any information relating to an identified or identifiable natural person (data subject). Identifiable person: one who can be identified, directly or ind

41、irectly, in particular by reference to an identification number, name or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. NOTE: personal data can be gathered from user data and traffic data. Sensitive data: data that may be used for authe

42、ntication or may help to identify the user, such as user names, passwords, PINs, cryptographic keys, IMSIs, IMEIs, MSISDNs, or IP addresses of the UE, as well as files of a system that are needed for the functionality such as firmware images, patches, drivers or kernel modules. System group account:

43、 a predefined system account in the network product, usually with special privileges, which has a predefined user id and hence cannot be tied to a single user (individual) in a normal operating environment. ETSI ETSI TS 133 117 V14.1.0 (2017-05)73GPP TS 33.117 version 14.1.0 Release 14EXAMPLE: the r

44、oot account. 3.2 Abbreviations For the purposes of the present document, the abbreviations given in 3GPP TR 21.905 1 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in 3GPP TR 21.905 1. CIS Center for Int

45、ernet Security 4 Catalogue of security requirements and related test cases 4.1 Introduction 4.1.1 Pre-requisites for testing The SCAS tests, as described in the present specification, are to be applied to a network product whose software and hardware has been brought into use so that the network pro

46、duct can provide the intended functionality, either in a real network environment or in a simulated environment. This implies that, before any testing is performed, the hardware and software has been installed correctly, the network product is powered on, and communication has been established over

47、all standardized interfaces and OAM interfaces related with the network products functionality, as described in the vendors documentation. Communication over external non standardized Interfaces that may exist and are marked as optional, according to the vendors documentation, shall also be establis

48、hed during testing unless they are explicitly marked as “not recommended“ in the vendors documentation. For each of the enabled external communication interfaces there may be various optional capabilities. During testing, all such capabilities shall be enabled unless they are explicitly marked as “n

49、ot recommended“ in the vendors documentation. In some cases a testcase might require configuration changes as part of the execution steps or pre-conditions. After such test is executed and prior any further test execution it needs to be ensured that the state of the ToE is restored back in the original state. SCAS testing is not about security in operations and deployments. So, in particular, SCAS testing is independent of any operator guidelines or considerations on specific deployment scenarios. 4.1.2 Use of tools in testing The followin