ITU-T X 1205-2008 Overview of cybersecurity (Study Group 17)《信息安全综述 17号研究组》.pdf

1、 International Telecommunication Union ITU-T X.1205TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (04/2008) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Telecommunication security Overview of cybersecurity Recommendation ITU-T X.1205 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS,

2、 OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS Services and facilities X.1X.19 Interfaces X.20X.49 Transmission, signalling and switching X.50X.89 Network aspects X.90X.149 Maintenance X.150X.179 Administrative arrangements X.180X.199 OPEN SYSTEMS INTERCONNECTION Model and notation X.

3、200X.209 Service definitions X.210X.219 Connection-mode protocol specifications X.220X.229 Connectionless-mode protocol specifications X.230X.239 PICS proformas X.240X.259 Protocol Identification X.260X.269 Security Protocols X.270X.279 Layer Managed Objects X.280X.289 Conformance testing X.290X.299

4、 INTERWORKING BETWEEN NETWORKS General X.300X.349 Satellite data transmission systems X.350X.369 IP-based networks X.370X.379 MESSAGE HANDLING SYSTEMS X.400X.499DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS Networking X.600X.629 Efficiency X.630X.639 Quality of service X.640X.649 Naming, Ad

5、dressing and Registration X.650X.679 Abstract Syntax Notation One (ASN.1) X.680X.699 OSI MANAGEMENT Systems Management framework and architecture X.700X.709 Management Communication Service and Protocol X.710X.719 Structure of Management Information X.720X.729 Management functions and ODMA functions

6、 X.730X.799 SECURITY X.800X.849 OSI APPLICATIONS Commitment, Concurrency and Recovery X.850X.859 Transaction processing X.860X.879 Remote operations X.880X.889 Generic applications of ASN.1 X.890X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 TELECOMMUNICATION SECURITY X.1000 For further details, pleas

7、e refer to the list of ITU-T Recommendations. Rec. ITU-T X.1205 (04/2008) i Recommendation ITU-T X.1205 Overview of cybersecurity Summary Recommendation ITU-T X.1205 provides a definition for cybersecurity. This Recommendation provides a taxonomy of the security threats from an organization point of

8、 view. Cybersecurity threats and vulnerabilities including the most common hackers tools of the trade are presented. Threats are discussed at various network layers. Various cybersecurity technologies that are available to remedy the threats are discussed, including: routers, firewalls, antivirus pr

9、otection, intrusion detection systems, intrusion protection systems, secure computing and audit and monitoring. Network protection principles, such as defence in depth, access management with application to cybersecurity are discussed. Risk management strategies and techniques are discussed includin

10、g the value of training and education in protecting the network. Examples for securing various networks, based on the discussed technologies, are also discussed. Source Recommendation ITU-T X.1205 was approved on 18 April 2008 by ITU-T Study Group 17 (2005-2008) under the WTSA Resolution 1 procedure

11、 ii Rec. ITU-T X.1205 (04/2008) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of I

12、TU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics

13、for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepare

14、d on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may c

15、ontain certain mandatory provisions (to ensure e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to expre

16、ss requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Prope

17、rty Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of

18、intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2009 Al

19、l rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T X.1205 (04/2008) iii CONTENTS Page 1 Scope 1 2 References. 1 3 Definitions 2 3.1 Terms defined elsewhere 2 3.2 Terms defined in this Recommendation. 2 4

20、Abbreviations 3 5 Conventions 5 6 Introduction 5 7 Cybersecurity 6 7.1 What is cybersecurity? . 6 7.2 Nature of enterprise cybersecurity environment 7 7.3 Threats to cybersecurity and a methodology to address them 9 7.4 End-to-end communications security. 9 8 Possible network protection strategies 1

21、2 8.1 Closed loop policy management 12 8.2 Uniform access management 13 8.3 Secure communications 14 8.4 Variable depth security. 15 8.5 Securing management 16 8.6 Layered security across the application, network and network management 18 8.7 Network survivability even under attack 19 Appendix I Att

22、ackers techniques 20 I.1 Taxonomy of security threats . 20 I.2 Security threats . 23 Appendix II Fields of cybersecurity technologies 26 II.1 Cryptography 27 II.2 Access control technologies . 28 II.3 Antivirus and system integrity 33 II.4 Audit and monitoring . 33 II.5 Management . 34 Appendix III

23、Example of network security. 37 III.1 Securing remote access. 37 III.2 Securing IP telephony. 39 III.3 Securing the remote office 43 III.4 Securing WLAN. 45 Bibliography. 53 Rec. ITU-T X.1205 (04/2008) 1 Recommendation ITU-T X.1205 Overview of cybersecurity 1 Scope This Recommendation develops a def

24、inition of cybersecurity in clause 7. This Recommendation provides a taxonomy of security threats from an organization point of view. NOTE The use of the term “identity“ in this Recommendation does not indicate its absolute meaning. In particular, it does not constitute any positive validation. Clau

25、se 7 discusses the nature of enterprise cybersecurity environment, cybersecurity risks and end-to-end communications security. Clause 8 discusses possible network protection strategies, including: closed loop policy management, uniform access management. Clause 8 also discusses secure communications

26、 techniques, variable depth security, securing the management plane, layered security and network survivability even under attack. Appendix I discusses taxonomy of security threats, hackers tools of the trade and security threats. Appendix II provides a review of the fields of cybersecurity technolo

27、gies, including: cryptograph, access control technologies, perimeter protection techniques, antivirus and system integrity, audit and monitoring, and management. Appendix III provides examples of network security. Examples include: securing remote access, securing IP telephony, securing VoIP clients

28、 securing the remote office and securing WLANs. 2 References The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommenda

29、tions and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly publ

30、ished. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. ITU-T X.800 Recommendation ITU-T X.800 (1991), Security architecture for Open Systems Interconnection for CCITT applications. ITU-T X.805 Recommendation ITU-T X.

31、805 (2003), Security architecture for systems providing end-to-end communications. ITU-T X.811 Recommendation ITU-T X.811 (1995) | ISO/IEC 10181-2:1996, Information technology Open Systems Interconnection Security frameworks for open systems: Authentication framework. ITU-T X.812 Recommendation ITU-

32、T X.812 (1995) | ISO/IEC 10181-3:1996, Information technology Open Systems Interconnection Security frameworks for open systems: Access control framework. IETF RFC 1918 IETF RFC 1918 (1996), Address Allocation for Private Internets . IETF RFC 2396 IETF RFC 2396 (1998), Uniform Resource Identifiers (

33、URI): Generic Syntax . 2 Rec. ITU-T X.1205 (04/2008) 3 Definitions 3.1 Terms defined elsewhere This Recommendation uses the following terms defined elsewhere: 3.1.1 This Recommendation uses the following terms defined in ITU-T X.800: a) Authorization; b) Security architecture; c) Security policy; d)

34、 User. 3.1.2 This Recommendation uses the following terms defined in ITU-T X.805: a) Security dimension; b) Security service. 3.1.3 This Recommendation uses the following terms defined in ITU-T X.811: a) Authentication; b) Principle. 3.1.4 This Recommendation uses the following terms defined in ITU-

35、T X.812: a) Access control information; b) Access; c) Access control; d) User. 3.1.5 This Recommendation uses the following terms defined in IETF RFC 2396: a) Uniform resource identifier (URI); b) URI reference. 3.2 Terms defined in this Recommendation This Recommendation defines the following terms

36、 3.2.1 access point: IEEE 802.11 wireless hub, a special kind of station (STA) operating as an access point. 3.2.2 basic service set (BSS): Coverage area served by one access point (AP). 3.2.3 cryptographic algorithm: A cryptographic algorithm is the means by which data are altered and disguised in

37、 encryption. 3.2.4 cyber environment: This includes users, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks. 3.2.5 cybersecurity: Cybersecurity is the collection of tools, polic

38、ies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and users assets. Organization and users assets include connected computing devices, p

39、ersonnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment. Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization and users assets against rel

40、evant security risks in the cyber environment. The general security objectives comprise the following: Rec. ITU-T X.1205 (04/2008) 3 Availability Integrity, which may include authenticity and non-repudiation Confidentiality. 3.2.6 distributed system: A non-standardized medium for interconnecting BSS

41、s within an ESS. 3.2.7 extensible authentication protocol: This PPP extension providing support for additional authentication methods is part of the b-IEEE 802.1X specification. 3.2.8 extended service set: A single wireless LAN with BSSs within a single IP subnet. 3.2.9 firewall: A system or combina

42、tion of systems that enforces a boundary between two or more networks. A gateway that limits access between networks in accordance with local security policy. 3.2.10 foreign agent: The visited/host networks router that services the mobile node while it is visiting the host network. This foreign agen

43、t handles the tunnelling and delivery between the mobile node and others, and between the mobiles home network and the host network. 3.2.11 honeyspot: A software program that emulates a network so as to attract (and maybe confuse) intruders and track their actions. The output of these systems can be

44、 used to infer the intruders intentions and evidence gathering. 3.2.12 home agent: A router that services the mobile node while it is visiting other networks, maintaining current location information on that mobile node. 3.2.13 hot spots: Public places that host mobile IEEE 802.11 users to connect t

45、o the Internet. 3.2.14 IP mobility: A mechanism which enables more transparent connectivity for mobile nodes that “visit“ different IP sub-networks while travelling. This is a mechanism for mobile management for mobile nodes on both wired networks and wireless networks. 4 Abbreviations This Recommen

46、dation uses the following abbreviations: 3DES Triple Data Encryption Standard AAA Authentication, Authorization and Accounting ACL Access Control List AES Advanced Encryption Standard AP Access Point ASP Application Service Provider BSS Basic Service Set CA Certification Authority CMP Certificate Ma

47、nagement Protocol COPS Common Open Policy Service CRL Certificate Revocation List DISA Direct Inward System Access DNS Domain Name System EAP Extensible Authentication Protocol EMS Element Management System 4 Rec. ITU-T X.1205 (04/2008) ESS Extended Service Set ESSID Extended Service Set Identifier

48、FTP File Transfer Protocol HMAC Hash function based MACs HTTP HyperText Transfer Protocol IDS Intrusion Detection System IKE Internet Key Exchange IP Internet Protocol IPSec Internet Protocol Security ISP Internet Service Provider L2TP Layer 2 Tunnelling Protocol LAN Local Area Network MAC Message A

49、uthentication Code MD5 Message Digest algorithm 5 MIC Message Integrity Check MIME Multipurpose Internet Mail Extensions MPLS MultiProtocol Label Switching MU Mobile Unit NAT Network Address Translation NGN Next Generation Network NIC Network Interface Card NOC Network Operations Centre OAM detection, which includes identifying an attack in progress or afterward; formulating a response to an attack that specifies the collection of countermeasures to an attack to either stop it or reduce its impa