ImageVerifierCode 换一换
格式:PDF , 页数:14 ,大小:110.23KB ,
资源ID:803450      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-803450.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ITU-T SERIES X SUPP 2-2007 ITU-T X 800-X 849 series C Supplement on security baseline for network operators (Study Group 17)《ITU-T X 800-X 849系列 网络运营商用安全基准的补充件 研究组17》.pdf)为本站会员(孙刚)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ITU-T SERIES X SUPP 2-2007 ITU-T X 800-X 849 series C Supplement on security baseline for network operators (Study Group 17)《ITU-T X 800-X 849系列 网络运营商用安全基准的补充件 研究组17》.pdf

1、 International Telecommunication Union ITU-T Series XTELECOMMUNICATION STANDARDIZATION SECTOR OF ITU Supplement 2(09/2007) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY ITU-T X.800-X.849 series Supplement on security baseline for network operators ITU-T X-series Recommendations Su

2、pplement 2 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS Services and facilities X.1X.19 Interfaces X.20X.49 Transmission, signalling and switching X.50X.89 Network aspects X.90X.149 Maintenance X.150X.179 Administrative arrangements X.180

3、X.199 OPEN SYSTEMS INTERCONNECTION Model and notation X.200X.209 Service definitions X.210X.219 Connection-mode protocol specifications X.220X.229 Connectionless-mode protocol specifications X.230X.239 PICS proformas X.240X.259 Protocol Identification X.260X.269 Security Protocols X.270X.279 Layer M

4、anaged Objects X.280X.289 Conformance testing X.290X.299 INTERWORKING BETWEEN NETWORKS General X.300X.349 Satellite data transmission systems X.350X.369 IP-based networks X.370X.379 MESSAGE HANDLING SYSTEMS X.400X.499DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS Networking X.600X.629 Effici

5、ency X.630X.639 Quality of service X.640X.649 Naming, Addressing and Registration X.650X.679 Abstract Syntax Notation One (ASN.1) X.680X.699 OSI MANAGEMENT Systems Management framework and architecture X.700X.709 Management Communication Service and Protocol X.710X.719 Structure of Management Inform

6、ation X.720X.729 Management functions and ODMA functions X.730X.799 SECURITY X.800X.849 OSI APPLICATIONS Commitment, Concurrency and Recovery X.850X.859 Transaction processing X.860X.879 Remote operations X.880X.889 Generic applications of ASN.1 X.890X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 TELE

7、COMMUNICATION SECURITY X.1000 For further details, please refer to the list of ITU-T Recommendations. X series Supplement 2 (09/2007) i Supplement 2 to ITU-T X-series Recommendations ITU-T X.800-X.849 series Supplement on security baseline for network operators Summary Supplement 2 to ITU-T X.800 se

8、ries of Recommendations defines a security baseline against which network operators can assess their network and information security status in terms of readiness and ability to collaborate with other entities (operators, users and law enforcement authorities) to counteract information security thre

9、ats. This supplement can be used by network operators to provide meaningful criteria against which each network operator can be assessed if required. Source Supplement 2 to ITU-T X-series Recommendations was agreed on 28 September 2007 by ITU-T Study Group 17 (2005-2008). ii X series Supplement 2 (0

10、9/2007) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible

11、for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T st

12、udy groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basi

13、s with ISO and IEC. NOTE In this publication, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this publication is voluntary. However, the publication may contain certain mandatory provision

14、s (to ensure e.g. interoperability or applicability) and compliance with the publication is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words

15、 does not suggest that compliance with the publication is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this publication may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning

16、the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the publication development process. As of the date of approval of this publication, ITU had not received notice of intellectual property, protected by patents, which

17、 may be required to implement this publication. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2008 All rights reserved. No part of this publication may be

18、 reproduced, by any means whatsoever, without the prior written permission of ITU. X series Supplement 2 (09/2007) iii CONTENTS Page 1 Scope 1 2 References. 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Terms defined in this supplement. 1 4 Abbreviations and acronyms 2 5 Conventions 2 6 Operat

19、ors policy baseline and implementation 2 7 Technical tools baseline 3 8 Collaboration baseline 4 Bibliography. 6 X series Supplement 2 (09/2007) 1 Supplement 2 to ITU-T X-series Recommendations ITU-T X.800-X.849 series Supplement on security baseline for network operators 1 Scope Nowadays, there are

20、 thousands of network operators, ranging from long-established national incumbents (who have trusted each other for many years) to small, start-up networks with no track record and no real basis of establishing trust, so new problems that did not exist in the traditional regulated environment are no

21、w emerging. It is necessary for operators to know who they are dealing with and the extent to which they can trust other operators to avoid the security problems. Security baseline is the response to this new challenge. The use of this supplement might vary from country to country, according to regu

22、latory regimes. Some regulatory regimes may choose to require that network operators follow the requirements of this supplement. Some network operators may themselves require that other network operators meet certain level of security as a prerequisite to the interconnection. It is recommended that

23、an operator provide telecommunication service for users at the security level that is guaranteed by the implementation of this supplement. The services of higher security level may be provided on customers demand by the operator at a cost to the former. This supplement is organized into three groups

24、: operators policy baseline and implementation, technical tools baseline and collaboration baseline. These must be capable of being verified. Evaluation might be conducted by an operator itself as a declaration procedure or with the assistance of the evaluation body through the compliance certificat

25、ion. NOTE This security baseline includes both technical and management-oriented tools. 2 References None. 3 Definitions 3.1 Terms defined elsewhere This supplement uses the following terms defined elsewhere: 3.1.1 risk management: Coordinated activities to direct and control an organization with re

26、gard to risk b-ISO/IEC 27001. 3.1.2 security policy: The set of rules laid down by the security authority governing the use and provision of security services and facilities b-ITU-T X.509. 3.1.3 unauthorized access: An entity attempts to access data in violation of the security policy in force b-ITU

27、-T M.3016. 3.2 Terms defined in this supplement This supplement defines the following terms: 3.2.1 antiviral software: Computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (maleware). 2 X series Supplement 2 (09/2007) 3.2.2 distributed denial

28、 of service (DDoS): In the context of message handling, when an entity fails to perform its function or prevents other entities from performing their functions, which may be a denial of access, a denial of communications, a deliberate suppression of messages to a particular recipient, traffic floodi

29、ng, an MTA was caused to fail or operate incorrectly, an MTS was caused to deny a service to other users. DDoS threats include denial of communications, MTA failure, MTS flooding. 3.2.3 license agreement: Agreement between owner of the software and the user of its copy. 3.2.4 network operator: An or

30、ganization which operates a telecommunications network. 3.2.5 network operators information security: The state of the network operators information resources and infrastructure protection from random and deliberate influence, natural or artificial, that can cause damage to the network operator and

31、users of communication services. It is characterized by the ability to maintain confidentiality, integrity and accessibility of information during it storage, processing and transmission. 3.2.6 point of interconnect: The point where the operator connects users (or other operators) to the data transm

32、ission service with the declared quality. 3.2.7 service provider: An entity that offers services to users involving the use of network resources. 3.2.8 spam: The abuse of electronic messaging systems to indiscriminately send unsolicited bulk of messages. (Spam affects e-mail, short message systems,

33、IP multimedia systems and other communication systems.) 4 Abbreviations and acronyms This supplement uses the following abbreviations: DDoS Distributed Denial of Service IDS Intrusion Detection Service IPS Intrusion Prevention Service IRT Incident Response Team MTA Message Transfer Agent MTS Message

34、 Transfer System 5 Conventions None. 6 Operators policy baseline and implementation 6.1 Network operators information security provisions must comply with regulatory and legal requirements of the jurisdiction in which the operator is engaged in business activity. In addition, network operators must

35、meet local jurisdiction requirements regarding cooperation with law enforcement agencies. 6.2 It is recommended that the operator adopt a security policy that is based on recognized best practices (such as b-ISO/IEC 27002 and b-ITU-T X.1051) and risk assessment, that meets the demands of business ac

36、tivity, that complies with national legislation and that is in accordance with the internal network operator procedures. It is recommended that operators personnel and external participants (users, interconnected operators and other interested parties) be made aware of the requirements of the securi

37、ty policy. X series Supplement 2 (09/2007) 3 6.3 It is recommended that the operators security policy have a clause dedicated to delimitation of responsibility within the operators personnel, between the operator and its partners, and between the operator and its customers. 6.4 It is recommended tha

38、t the information security requirements that must be followed by personnel be included in the labour contracts (job specification, list of duties) of all employees dealing with publicly-accessible information resources. 6.5 Measures implemented to protect an operators resources or the resources of i

39、ts customers, should not result in harmful consequences for third parties in an information exchange, nor should any side effects of their deployment cause damage or inconvenience that exceeds the impact of the risk being mitigated. 6.6 It is recommended that network operators work collaboratively t

40、o address risks and vulnerabilities. 6.7 Implementation of security facilities should address the reduction of risk and the cost of such measures should reflect the value of the assets protected and the potential damage. 7 Technical tools baseline 7.1 It is recommended that the operator deploy all h

41、ardware and software in strict correspondence with the terms of license agreement, defined by the manufacturer. 7.2 It is recommended to only use individual accounts for access to the interfaces of communication hardware management. The deployment of group accounts is not recommended. 7.3 It is reco

42、mmended that default passwords (set by the manufacturer of the hardware or software) not be used to authorize access to network management interfaces, remote consoles or management and administrative accounts of any communication hardware and/or software. 7.4 It is recommended that the operator inst

43、all updates and patches in a timely manner as recommended by the manufacturer. It is recommended that the operator bring to the notice of users of the facilities, information about applicable patches and updates. 7.5 It is recommended that the information relating to the network management system be

44、 protected by confidentiality and integrity mechanisms or by using network segments physically isolated from service domains. 7.6 It is recommended to install anti-spoofing filters at the points of interconnect with other networks (operators) and end-users, which prevent the transmission of packages

45、 with the outgoing addresses from external networks or multicast addresses, as well as receiving packages with such addresses or with reserved or incorrect addresses. 7.7 It is recommended that inspected packages be labelled so that interconnected operators know that the outgoing address is correct.

46、 In case of traffic congestion, the labelled packages should be prioritized. 7.8 It is recommended that network operators and public information server owners deploy regularly-updated anti-viral software. 7.9 It is recommended to have facilities for detecting infected messages, marking and optionall

47、y deleting them. 7.10 It is recommended that each e-mail information server be enabled with spam-detecting software for all incoming messages and the possibility to mark messages with unsolicited information. The operators may use other methods for counteracting spam. For instance, they could, by pr

48、ior agreement, disconnect users connected to the networks manipulated by violators. 7.11 It is recommended that operators filter spam within their own network. 4 X series Supplement 2 (09/2007) 7.12 It is recommended that each e-mail server have the ability to limit the amount of outgoing messages f

49、rom one user within a unit of time (e.g., for protecting against spam or denial of service attacks). It is recommended to have the ability to delay the delivery of outgoing messages by such sender until the server administrator confirmation is obtained. 7.13 It is recommended that the operator deploy automated discovery of statistical traffic anomalies. It is recommended that such traffic anomaly analysis be used for effective counteraction to DDoS attacks. 7.14 It is recommended that the operator deploy techn

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1