ImageVerifierCode 换一换
格式:PDF , 页数:26 ,大小:301.01KB ,
资源ID:800056      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-800056.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ITU-T M 3016 0-2005 Security for the management plane Overview (Study Group 4)《安全管理飞机 电信管理网概述研究组4》.pdf)为本站会员(花仙子)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ITU-T M 3016 0-2005 Security for the management plane Overview (Study Group 4)《安全管理飞机 电信管理网概述研究组4》.pdf

1、 International Telecommunication Union ITU-T M.3016.0TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (05/2005) SERIES M: TELECOMMUNICATION MANAGEMENT, INCLUDING TMN AND NETWORK MAINTENANCE Telecommunications management network Security for the management plane: Overview ITU-T Recommendation M.3016.0

2、 ITU-T M-SERIES RECOMMENDATIONS TELECOMMUNICATION MANAGEMENT, INCLUDING TMN AND NETWORK MAINTENANCE Introduction and general principles of maintenance and maintenance organization M.10M.299 International transmission systems M.300M.559 International telephone circuits M.560M.759 Common channel signa

3、lling systems M.760M.799 International telegraph systems and phototelegraph transmission M.800M.899 International leased group and supergroup links M.900M.999 International leased circuits M.1000M.1099 Mobile telecommunication systems and services M.1100M.1199 International public telephone network

4、M.1200M.1299 International data transmission systems M.1300M.1399 Designations and information exchange M.1400M.1999 International transport network M.2000M.2999 Telecommunications management network M.3000M.3599 Integrated services digital networks M.3600M.3999 Common channel signalling systems M.4

5、000M.4999 For further details, please refer to the list of ITU-T Recommendations. ITU-T Rec. M.3016.0 (05/2005) i ITU-T Recommendation M.3016.0 Security for the management plane: Overview Summary This Recommendation provides an overview and framework that identifies security threats to a TMN and out

6、lines how available security services can be applied within the context of the TMN functional architecture. Source ITU-T Recommendation M.3016.0 was approved on 22 May 2005 by ITU-T Study Group 4 (2005-2008) under the ITU-T Recommendation A.8 procedure. ii ITU-T Rec. M.3016.0 (05/2005) FOREWORD The

7、International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications. The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recom

8、mendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The

9、approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Adminis

10、tration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure e.g. interoperability or applicability) and compli

11、ance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is

12、 required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Int

13、ellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendatio

14、n. However, implementors are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database. ITU 2005 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of

15、 ITU. ITU-T Rec. M.3016.0 (05/2005) iii CONTENTS Page 1 Scope 1 2 References. 1 3 Definitions 2 4 Abbreviations and acronyms 2 5 Rationale. 3 6 System description 3 6.1 Actors and roles 4 6.2 Security domains 5 7 Generic security objectives for TMN . 5 8 Legislation issues 6 9 Threats and risks. 6 1

16、0 Security requirements and services 7 10.1 Security requirements and corresponding services 8 10.2 Requirements on the management of security 12 10.3 Architectural requirements . 13 10.4 Security services and OSI layers 13 10.5 Security management . 15 Appendix I Functional classes and security sub

17、profiles . 16 I.1 Grouping of security measures. 16 I.2 Functional classes. 16 I.3 Security profiles 18 ITU-T Rec. M.3016.0 (05/2005) 1 ITU-T Recommendation M.3016.0 Security for the management plane: Overview 1 Scope This Recommendation provides an overview and framework that identifies security th

18、reats to a TMN and outlines how available security services can be applied within the context of the TMN functional architecture, as described in ITU-T Rec. M.3010. This Recommendation is generic in nature and does not identify or address the requirements for a specific TMN interface. This Recommend

19、ation does not seek to define new security services but uses existing security services defined in other ITU-T Recommendations and ISO Standards. This Recommendation is part of the M.3016.x series of ITU-T Recommendations intended to provide guidance and recommendations for securing the management p

20、lane of evolving networks: ITU-T Rec. M.3016.0 Security for the management plane: Overview. ITU-T Rec. M.3016.1 Security for the management plane: Security requirements. ITU-T Rec. M.3016.2 Security for the management plane: Security services. ITU-T Rec. M.3016.3 Security for the management plane: S

21、ecurity mechanism. ITU-T Rec. M.3016.4 Security for the management plane: Profile proforma. ITU-T Recs M.3016.1, M.3016.2 and M.3016.3 specify a set of requirements, services and mechanisms for the appropriate security of the management functions necessary to support the telecommunications infrastru

22、cture. Because different administrations and organizations require varying levels of security support, ITU-T Recs M.3016.1, M.3016.2 and M.3016.3 do not specify whether a requirement/service/mechanism is mandatory or optional. The proforma defined in ITU-T Rec. M.3016.4 is provided to assist organiz

23、ations, administrations and other national/international organizations, to specify the mandatory and optional support of the requirements as well as value ranges, values, etc. to help implement their security policies. 2 References The following ITU-T Recommendations and other references contain pro

24、visions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possi

25、bility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recomme

26、ndation. ITU-T Recommendation E.408 (2004), Telecommunication networks security requirements. ITU-T Recommendation M.3010 (2000), Principles for a telecommunications management network. ITU-T Recommendation M.3400 (2000), TMN management functions. ITU-T Recommendation X.509 (2000), Information techn

27、ology Open Systems Interconnection The Directory: Public-key and attribute certificate frameworks. 2 ITU-T Rec. M.3016.0 (05/2005) ITU-T Recommendation X.741 (1995), Information technology Open Systems Interconnection Systems management: Objects and attributes for access control. ITU-T Recommendatio

28、n X.800 (1991), Security architecture for Open Systems Interconnection for CCITT applications. ITU-T Recommendation X.802 (1995), Information technology Lower layers security model. ITU-T Recommendation X.803 (1994), Information technology Open Systems Interconnection Upper layers security model. IT

29、U-T Recommendation X.810 (1995), Information technology Open Systems Interconnection Security frameworks for open systems: Overview. ITU-T Recommendation X.812 (1995), Information technology Open Systems Interconnection Security frameworks for open systems: Access control framework. ITU-T Recommenda

30、tion X.813 (1996), Information technology Open Systems Interconnection Security frameworks for open systems: Non-repudiation framework. ITU-T Recommendation X.814 (1995), Information technology Open Systems Interconnection Security frameworks for open systems: Confidentiality framework. ITU-T Recomm

31、endation X.815 (1995), Information technology Open Systems Interconnection Security frameworks for open systems: Integrity framework. ITU-T Recommendation X.816 (1995), Information technology Open Systems Interconnection Security frameworks for open systems: Security audit and alarms framework. ISO/

32、IEC 9979:1999, Information technology Security techniques Procedures for the registration of cryptographic algorithms. 3 Definitions This Recommendation does not define any new terms. 4 Abbreviations and acronyms This Recommendation uses the following abbreviations: CCITT International Telegraph and

33、 Telephone Consultative Committee DCN Data Communication Network FC Functional classes ISO International Organization for Standardization ITU-T International Telecommunication Union Telecommunication Standardization Sector LLA Logical Layered Architecture MF Mediation Function NEF Network Element Fu

34、nction OSF Operation System Function OSI Open System Interconnection PIN Personal Identification Number TF Transformation Function ITU-T Rec. M.3016.0 (05/2005) 3 TMN Telecommunications Management Network TTP Trusted Third Party WSF WorkStation Function 5 Rationale The requirement for security in TM

35、N has originated from different sources: Customers/subscribers need confidence in the network and the services offered, including correct billing. The Public Community/Authorities demand security by Directives and Legislation, in order to ensure availability of services and privacy protection. Netwo

36、rk Operators/Service Providers themselves need security to safeguard their operation and business interests, and to meet their obligations to the customers and the public. A TMN is intended to manage the underlying telecommunications network; therefore, the security of the TMN is essential to the pr

37、oper functioning of the telecommunications network. Furthermore, the telecommunications network may incorporate security features that need to be managed by the TMN. ITU-T Rec. M.3400 enumerates those security management functions. TMN Security Standards should preferably be based upon international

38、ly agreed security standards as it is beneficial to reuse rather than create new ones. The provisioning and usage of security services and mechanisms can be quite expensive relative to the value of the transactions being protected. It is, therefore, important to be able to customize the security pro

39、vided to the TMN transactions being protected. The security services and mechanisms that are used for securing TMN transactions should be provided in a way that allows such customization. Due to the large number of possible combinations of security features, it is desirable to have security profiles

40、 (see Appendix I) that cover a broad range of TMN security applications. Standardization will facilitate reuse of solutions and products, meaning that security can be introduced faster and at lower cost. Important benefits of standardized solutions for vendors and users of the systems alike are the

41、economy of scale in product development and component interoperation within a TMN system with regard to security. It is necessary to provide security services and mechanisms to protect TMN transactions among TMN entities (as defined in ITU-T Rec. M.3010) against malicious attacks such as eavesdroppi

42、ng, spoofing, tampering with messages (modification, delay, deletion, insertion, replay, re-routing, misrouting, or re-ordering of messages), repudiation or forgery. Protection includes prevention, detection and recovery from attacks, as well as management of security-related information. Standards

43、should cover both intra-domain (Q and F) and inter-domain (X) interfaces. 6 System description The objective of this Recommendation is an abstraction which makes it possible to avoid the many implementation details and to agree upon results that may be useful when later mapped on to specific impleme

44、ntations. The TMN is described in terms of a functional architecture, an information architecture and a physical architecture (ITU-T Rec. M.3010). It is recognized in ITU-T Rec. M.3010 that TMN building blocks may support other interfaces in addition to those of Q, X and F. Similarly, the physical e

45、quipment may have other functionality in addition to that associated with information received via Q, X and F. These additional interfaces 4 ITU-T Rec. M.3016.0 (05/2005) and related functionality are outside the scope of the TMN and, therefore, outside the scope of TMN security standardization. M.3

46、016.0_F6.1OSFNEFWSFqfqgTFOSFNEFWSFqqfqmgTMN TMNxFigure 1/M.3016.0 TMN functional architecture 6.1 Actors and roles For the purpose of TMN security standardization, only technical security will be considered, which means that the relevant actors to consider are TMN users. A TMN user is a person or pr

47、ocess applying TMN Management Services for the purpose of fulfilling management operations. TMN users can further be categorized dependent on whether they belong to the organization running the TMN (internal users) or whether they access the TMN as external users. Each time a TMN user accesses a Man

48、agement Service, the TMN user will take on a role. In some cases there will be a one-to-one relationship between a TMN user and a role, i.e., the TMN user will always stay in the same role. In other cases, there will be a one-to-many relationship between a specific TMN user and the possible roles th

49、e TMN user can play. The following gives a high-level classification of some common roles: Network Operators (private or public); Service Providers (Bearer Service Providers or Value Added Service Providers); Service Subscribers/Service Customers; Service End Users; Equipment/Software Vendors; Trusted Third Party (that is, a third party who is trusted by both parties and operates in accordance with relevant national laws and regulations to provide certification, authentic

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1