Format: PDF, pages: 32, size: 529.04KB

ITU-T X.1039-2016: Technical security measures for implementation of ITU-T X.805 security dimensions (Study Group 17)

International Telecommunication Union

ITU-T X.1039
TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU
(10/2016)

SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY
Information and network security – Network security

Technical security measures for implementation of ITU-T X.805 security dimensions

Recommendation ITU-T X.1039

ITU-T X-SERIES RECOMMENDATIONS
DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY

PUBLIC DATA NETWORKS                                              X.1–X.199
OPEN SYSTEMS INTERCONNECTION                                      X.200–X.299
INTERWORKING BETWEEN NETWORKS                                     X.300–X.399
MESSAGE HANDLING SYSTEMS                                          X.400–X.499
DIRECTORY                                                         X.500–X.599
OSI NETWORKING AND SYSTEM ASPECTS                                 X.600–X.699
OSI MANAGEMENT                                                    X.700–X.799
SECURITY                                                          X.800–X.849
OSI APPLICATIONS                                                  X.850–X.899
OPEN DISTRIBUTED PROCESSING                                       X.900–X.999
INFORMATION AND NETWORK SECURITY
  General security aspects                                        X.1000–X.1029
  Network security                                                X.1030–X.1049
  Security management                                             X.1050–X.1069
  Telebiometrics                                                  X.1080–X.1099
SECURE APPLICATIONS AND SERVICES
  Multicast security                                              X.1100–X.1109
  Home network security                                           X.1110–X.1119
  Mobile security                                                 X.1120–X.1139
  Web security                                                    X.1140–X.1149
  Security protocols                                              X.1150–X.1159
  Peer-to-peer security                                           X.1160–X.1169
  Networked ID security                                           X.1170–X.1179
  IPTV security                                                   X.1180–X.1199
CYBERSPACE SECURITY
  Cybersecurity                                                   X.1200–X.1229
  Countering spam                                                 X.1230–X.1249
  Identity management                                             X.1250–X.1279
SECURE APPLICATIONS AND SERVICES
  Emergency communications                                        X.1300–X.1309
  Ubiquitous sensor network security                              X.1310–X.1339
  PKI related Recommendations                                     X.1340–X.1349
CYBERSECURITY INFORMATION EXCHANGE
  Overview of cybersecurity                                       X.1500–X.1519
  Vulnerability/state exchange                                    X.1520–X.1539
  Event/incident/heuristics exchange                              X.1540–X.1549
  Exchange of policies                                            X.1550–X.1559
  Heuristics and information request                              X.1560–X.1569
  Identification and discovery                                    X.1570–X.1579
  Assured exchange                                                X.1580–X.1589
CLOUD COMPUTING SECURITY
  Overview of cloud computing security                            X.1600–X.1601
  Cloud computing security design                                 X.1602–X.1639
  Cloud computing security best practices and guidelines          X.1640–X.1659
  Cloud computing security implementation                         X.1660–X.1679
  Other cloud computing security                                  X.1680–X.1699

For further details, please refer to the list of ITU-T Recommendations.

Rec. ITU-T X.1039 (10/2016)

Recommendation ITU-T X.1039

Technical security measures for implementation of ITU-T X.805 security dimensions

Summary

Many organizations in developing countries as well as developed countries may have difficulties in implementing the high-level dimensions described in Recommendation ITU-T X.805. Recommendation ITU-T X.1039 is aimed at providing a set of security measures to implement the high-level dimensions. It also provides technical implementation guidance for security measures that can be used to improve organizations' security response capabilities. A set of security measures described in this Recommendation could assist organizations in managing information security risks and implementing technical dimensions. The audience of this Recommendation includes, but is not limited to, those individuals responsible for implementing an organization's information security dimensions.

History

Edition   Recommendation   Approval     Study Group   Unique ID*
1.0       ITU-T X.1039     2016-10-14   17            11.1002/1000/13059

Keywords

Security dimension, security measures, technical implementation guidance.

* To access the Recommendation, type the URL http://handle.itu.int/ in the address field of your web browser, followed by the Recommendation's unique ID. For example, http://handle.itu.int/11.1002/1000/11830-en.

FOREWORD

The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis.

The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics.

The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1.

In some areas of information technology which fall within ITU-T's purview, the necessary standards are prepared on a collaborative basis with ISO and IEC.

NOTE – In this Recommendation, the expression "Administration" is used for conciseness to indicate both a telecommunication administration and a recognized operating agency.

Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words "shall" or some other obligatory language such as "must" and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party.

INTELLECTUAL PROPERTY RIGHTS

ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process.

As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http://www.itu.int/ITU-T/ipr/.

© ITU 2017

All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU.

Table of Contents

1 Scope
2 References
3 Definitions
  3.1 Terms defined elsewhere
  3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Overview of information security measures
7 Information security measures
  7.1 Access control
  7.2 Authentication
  7.3 Non-repudiation
  7.4 Data confidentiality
  7.5 Communication security
  7.6 Data integrity
  7.7 Availability
  7.8 Privacy
Annex A Additional technical implementation guidance
  A.1 Secure configuration
  A.2 Malware protection
  A.3 Patch management
  A.4 Vulnerability management
  A.5 Information security incidents management
  A.6 System development security
  A.7 Authentication for information systems and applications
  A.8 Data leakage prevention
  A.9 Operations security
  A.10 Backup and disaster recovery
  A.11 Desktop PC and mobile device protection
Appendix I Organizational implementation guidance
  I.1 Information security policies
  I.2 Organization of information security
  I.3 Human resources security
  I.4 Asset management
  I.5 Physical and environment security
  I.6 Supplier relationship
Appendix II Level of security assurance
  II.1 Level of assurance for entity authentication [b-ITU-T X.1254]
  II.2 Level of security assurance
Appendix III Guidance on assigning specific level of security assurance from the final index
  III.1 Methodology for level of security assurance
Appendix IV SGSN specific implementation guideline
  IV.1 Overview
  IV.2 Access control dimension for module 1
  IV.3 Availability dimension for module 1
  IV.4 Non repudiation dimension for module 1
  IV.5 Authentication dimension for module 1
  IV.6 Data integrity dimension for module
  IV.7 Privacy and data confidentiality dimension for module 1
  IV.8 Communication security dimension for module 1
Bibliography

Recommendation ITU-T X.1039

Technical security measures for implementation of ITU-T X.805 security dimensions

1 Scope

This Recommendation provides technical security measures for the implementation of ITU-T X.805 security dimensions, which includes access control, communication security, authentications, and data confidentiality. It also provides examples for applying the set of technical security measures to the organizations with practical levels of information security dimensions, etc. in the appendices. It is not intended to cover all security measures, but to focus on several technical issues.

This Recommendation is applicable to all types of telecommunication organizations, including those in the developing countries.

2 References

The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation.

[ITU-T X.805] Recommendation ITU-T X.805 (2003), Security architecture for systems providing end-to-end communications.

3 Definitions

3.1 Terms defined elsewhere

This Recommendation uses the following terms defined elsewhere:

3.1.1 access control [b-ITU-T X.800]: The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.

3.1.2 authentication [b-ITU-T X.1254]: Provision of assurance in the identity of an entity.

3.1.3 authorization [b-ITU-T X.1254]: The granting of rights, which includes the granting of access based on access rights.

3.1.4 availability [b-ITU-T X.800]: The property of being accessible and useable upon demand by an authorized entity.

3.1.5 confidentiality [b-ITU-T X.800]: The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.

3.1.6 data integrity [b-ITU-T X.800]: The property that data has not been altered or destroyed in an unauthorized manner.

3.1.7 firewall [b-ISO/IEC 27033-1]: Type of security barrier placed between network environments consisting of a dedicated device or a composite of several components and techniques through which all traffic from one network environment traverses to another, and vice versa, and only authorized traffic, as defined by the local security policy, is allowed to pass.

3.1.8 intrusion detection [b-ISO/IEC 27039]: Formal process of detecting intrusions, generally characterized by gathering knowledge about abnormal usage patterns, as well as what, how, and which vulnerability has been exploited to include how and when it occurred.

3.1.9 intrusion detection system [b-ISO/IEC 27039]: Information systems used to identify that an intrusion has been attempted, is occurring, or has occurred.

3.1.10 intrusion prevention system [b-ISO/IEC 27039]: Variant on intrusion detection systems that are specifically designed to provide an active response capability.

3.1.11 privacy [b-ITU-T X.800]: The right of individuals to control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

NOTE – Because this term relates to the right of individuals, it cannot be very precise and its use should be avoided except as a motivation for requiring security.

3.1.12 security gateway [b-ISO/IEC 27033-1]: Point of connection between networks, or between subgroups within networks, or between software applications within different security domains intended to protect a network according to a given security policy.

3.1.13 repudiation [b-ITU-T X.800]: Denial by one of the entities involved in a communication of having participated in all or part of the communication.

3.1.14 threat [b-ISO/IEC 27000]: Potential cause of an unwanted incident, which may result in harm to a system or organization.

3.2 Terms defined in this Recommendation

None.

4 Abbreviations and acronyms

This Recommendation uses the following abbreviations and acronyms:

2FA     Two-Factor Authentication
ACL     Access Control Lists
AES     Advanced Encryption Standard
ATM     Automatic Teller Machine
CEO     Chief Executive Officer
DDoS    Distributed Denial of Service
DHCP    Dynamic Host Configuration Protocol
DMZ     Demilitarized Zone
FTP     File Transfer Protocol
GGSN    Gateway General packet radio service (GPRS) Support Node
GPRS    General Packet Radio Service
HIDS    Host Based Intrusion Detection System
HTTP    Hypertext Transport Protocol
HTTPS   Hypertext Transport Protocol Secure
ICT     Information Communication Technology
IDPS    Intrusion Detection and Prevention System
IDS     Intrusion Detection System
IP      Internet Protocol
IPS     Intrusion Prevention Systems
IPSec   Internet Protocol Security
IPSG    IP Source Guard
ISP     Internet Service Provider
MFA     Multi-Factor Authentication
NIDS    Network Based Intrusion System
OS      Operating system
OSI     Open System Interconnection
PC      Personal Computer
PII     Personally Identifiable Information
PIN     Personal Identification Number
RPC     Remote Procedure Call
SFA     Single Factor Authentication
SGSN    Serving GPRS Support Node
SMB     Server Message Block
SNMP    Simple Network Management Protocol
TFA     Three-Factor Authentication
TLS     Transport Layer Security
VPN     Virtual Private Network

5 Conventions

None.

6 Overview of information security measures

A security measure is a means of managing risk, and includes policies, procedures, guidelines, practices or organisational structures, which can be of an administrative, technical, management, or legal nature. A security dimension is a set of security measures designed to address a particular aspect of the network security. The security dimensions defined in [ITU-T X.805] are: access control; authentication; non-repudiation; data confidentiality; communication security; data integrity; availability; and privacy.

A set of technical implementation guidance for each dimension should be defined and implemented by organizations. This Recommendation presents a technical implementation guideline, which provides a set of security measures for each dimension, for mitigating the most common threats. Deploying these security measures can assist an organisation in protecting against the most common forms of cyber-attack emanating from the external network. Organisations implementing these security measures can benefit by gaining confidence
