ITU-T SERIES X SUPP 15-2012 ITU-T X 800-X 849 series C Supplement on guidance for creating a national IP-based public network security centre for developing countries (Study Group .pdf

1、 International Telecommunication Union ITU-T Series XTELECOMMUNICATION STANDARDIZATION SECTOR OF ITU Supplement 15(09/2012) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY ITU-T X.800-X.849 series Supplement on guidance for creating a national IP-based public network security centre

2、 for developing countries ITU-T X-series Recommendations Supplement 15 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.

3、499 DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security managem

4、ent X.1050X.1069 Telebiometrics X.1080X.1099 SECURE APPLICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.117

5、9 IPTV security X.1180X.1199 CYBERSPACE SECURITY Cybersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 CYBERSECURITY INFORMATION EXCHANGE Overview

6、 of cybersecurity X.1500X.1519 Vulnerability/state exchange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 For further details, plea

7、se refer to the list of ITU-T Recommendations. X series Supplement 15 (09/2012) i Supplement 15 to ITU-T X-series Recommendations ITU-T X.800-X.849 series Supplement on guidance for creating a national IP-based public network security centre for developing countries Summary Supplement 15 to ITU-T X-

8、series Recommendations provides guidance for the creation of a secure, stable and resilient national Internet protocol-based network infrastructure. The need for technical coordination (in creating secured, stable and resilient networks) arises in cases of failure (severe impairment of the quality o

9、f service) of any significant segment of the network which is part of the public network. The national ICT infrastructure includes fixed and mobile networks as well as the national segment of the Internet. Security incidents may occur due to security problems: attacks like denial of service/distribu

10、ted denial of service (DoS/DDoS); attacks aimed at network infrastructure; natural and anthropogenic disasters and other problems related to deterioration stability (quality of services and features) and security. Under such circumstances, technical coordination means gathering, analysis and managin

11、g information about incidents (including control information). This feature allows identifying threats and preparing the work of reconstruction. This Supplement describes the architectural principles which ensure security, stability and recovery of the national ICT infrastructure in developing count

12、ries based on the IP-based protocol. Consistent application of the principle of “cooperation for safety and security“ leads to the modern formation of the federated trust framework (FTF) or the so-called federated space of trust (FST). This new formation is usually distributed and then hosting servi

13、ces are available to all participants of the collective security system at the national level. Any national telecom operators have the opportunity to join to FTF. The members of FTF have access to all security services which were deployed in the FTF by other operators and the administration of a nat

14、ional centre for network security (NCNS). FTF is organized as a stack of control planes: security control plane, information exchange plane and service exchange plane. This Supplement opens a new dimension in security standardization collaboration in security (alongside such works as security manage

15、ment, exchange of security incident and event information, application security, identification management, etc.). History Edition Recommendation Approval Study Group 1.0 ITU-T X Suppl. 15 2012-09-07 17 ii X series Supplement 15 (09/2012) FOREWORD The International Telecommunication Union (ITU) is t

16、he United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Re

17、commendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. T

18、he approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this publication, the expression “Adminis

19、tration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this publication is voluntary. However, the publication may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance

20、 with the publication is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the publication is required

21、of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this publication may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Pro

22、perty Rights, whether asserted by ITU members or others outside of the publication development process. As of the date of approval of this publication, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this publication. However, implemente

23、rs are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2013 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written per

24、mission of ITU. X series Supplement 15 (09/2012) iii Table of Contents Page 1 Scope 1 2 References. 1 3 Definitions 1 4 Abbreviations and acronyms 1 5 Conventions 2 6 General 2 7 Functioning architecture of the inter-operator group for incident analysis 4 8 Formation of control activities for teleco

25、m operators to ensure continuity of services in daily operation and in emergency situations 6 9 Architectural principles for NCNS creation . 7 9.1 The principle of a federated trust framework (FTF) 8 Bibliography. 10 X series Supplement 15 (09/2012) 1 Supplement 15 to ITU-T X-series Recommendations

26、ITU-T X.800-X.849 series Supplement on guidance for creating a national IP-based public network security centre for developing countries 1 Scope This Supplement describes models which can be used for creating a secure, stable and resilient IP-based network infrastructure, particularly for developing

27、 countries. The models of national centres may be federated, virtual and can be implemented separately or combined. In the framework of one country a number of similar equivalent centres may operate. The conceptual principle is “cooperation for safety and security“. 2 References None. 3 Definitions

28、None. 4 Abbreviations and acronyms This Supplement uses the following abbreviations and acronyms: BPM Business process management CERT Computer Emergency Response Team CIRT Computer Incident Response Team CSIRT Computer Security Incident Response Team DB Database DoS Denial of Service DDoS Distribut

29、ed Denial of Service (attack) DNS Domain Name System DWH Data Warehouse DDW Distributed Data Warehouse FTF Federated Trust Framework GIA Group for Incident Analysis IdM Identity Management IdP Identity Provider IP Internet Protocol MoU Memorandum of Understanding NCNS National Centre for Network Sec

30、urity NMS Network Management System NOC Network Operations Centre OSS/BSS Operation Support System/Business Support System 2 X series Supplement 15 (09/2012) SLA/NDA Service Level Agreement/Non-Disclosure Agreement SOC Security Operations Centre SSO Single Sign-On TNSS Telecommunication Network Secu

31、rity System 5 Conventions None. 6 General This clause describes the architecture of inter-operator interaction which can help to build collective security and safety in the public service infrastructure, based on a national ICT infrastructure. The national IP-based public network security centre for

32、 developing countries was created to promote the secure and sustainable operation of a national ICT infrastructure. This Supplement describes mainly the structure of a national centre for network security (NCNS) and its external interconnections. The constituent elements of the NCNS are (architectur

33、al solutions): integration of functional and security components; organization of the functioning of the inter-operator group for incident analysis; monitoring the status of the ICT infrastructure based on its formal description (formal language); formation of the coordinating actions to provide con

34、tinuity of service of the national ICT infrastructure to citizens, businesses and public authorities, both in daily operation and in emergency situations. The development of a service infrastructure on the national level allows for national telco operators to move from personal protection of the net

35、work perimeter to other forms of security using service platforms which are located in the inter-operator space for building the collective national security. In terms of integration, the NCNS is a multifunctional element in the infrastructure, which allows for the interaction of the functional elem

36、ents placed there by national network operators participants of the collective national security system. Primarily, this relates to service management platforms that are part of the OSS/BSS subsystems. Support for cross-interaction processes with the participants of the national collective security

37、system is a prerequisite to participation. The NCNS usually has no access (including the automatic mode) to the network management systems (NMSs) or other systems of national telco operators to collect any information. At the same time, national telco operators may ask NCNS to turn on its automatic

38、mode for formal exchange of the previously described objects (in special languages) for the definition of security incidents. The structured format will raise the level of automation in the processing of data on incidents through the exchange of structured information on incidents from the telco ope

39、rator in the NCNS. For solving the whole spectrum of problems in collective security, as described in this Supplement, ITU-T may need to develop new protocols/standards. X series Supplement 15 (09/2012) 3 In accordance with the service-oriented architecture, the line between functional components an

40、d security service components fades. The security features should be incorporated into the architecture of each functional element. For the interaction of integrated security elements, an integrated environment is used for distribution of signals and information that can qualify as incidents or secu

41、rity threats from far outside the network in which the event has been registered/recorded. With this integrated environment, the pyramid of events (as described in Figure 1 of b-ITU-T E.409) refers to the entire space of inter-operator interactions for security. An integrated environment is organize

42、d as the stack of three control planes: security control plane, information exchange plane and service exchange plane. 1) The environment for information distribution about security events is described as an additional structural element in the architecture: a specialized security control plane (see

43、 Figure 1) permeates the entire space of collective security. This plane serves as a mediator for distributing security events registered by networks that are connected to the NCNS. The described incidents are the result of signals processed from many network elements. Initial information about inci

44、dents is stored in an NCNS distributed data warehouse (DDW). DDW is under high protection. The security control plane is used for monitoring the status of networks and performing signal interaction of the network through an interaction broker. In the event of an emergency situation, the plane is use

45、d to implement the NCNS provisions in the form of direct control (may be automatic mode) actions with respect to the networks that lost stability as a result of the emergency. X Suppl.15(12)_F01Incidents DB Monitor BrokerEmergencycontrollerSecurity collaboration spaceSecurity control planeNGNSTNSS T

46、NSS TNSSPublic network Public networkPublic networkFigure 1 Security control plane 2) To ensure normal functioning of each network, as well as to reflect threats, all necessary information interaction (in the form of statistical data requests) accumulate in the OSS/BSS. Information interaction shoul

47、d be organized in each network. Such requests may also come from NCNS on the basis of processing the incident database to analyse the state of resources and service levels. This interaction takes place via the information exchange plane (see Figure 2). 3) Transparent interaction processes between te

48、lecom operators (during provision of joint security) is realized by sending messages to/about security services. These services may be provided to each other and to the NCNS security services. All services available to participants in the system, as well as means of controlling them, form the servic

49、e exchange plane (see Figure 3). 4 X series Supplement 15 (09/2012) X Suppl.15(12)_F02DWHInformationbrokerOSS/BSSOSS/BSSOSS/BSSSecurity collaboration spaceInformation exchange planeNGNSPublic network Public networkPublic networkFigure 2 Information exchange plane X Suppl.15(12)_F03BPMSecurityservicesSecurityservicesSecurityservicesTNSSSecurity collaboration spaceService exchange planeNGNSPublic network Public networkPublic networkFigure 3 Service exchange plane 7 Functioning arch