1、 AMERICAN NATIONAL STANDARD FOR TELECOMMUNICATIONS ATIS-0300276.2008 OPERATIONS, ADMINISTRATION, MAINTENANCE, AND PROVISIONING SECURITY REQUIREMENTS FOR THE PUBLIC TELECOMMUNICATIONS NETWORK: A BASELINE OF SECURITY REQUIREMENTS FOR THE MANAGEMENT PLANE ATIS is the leading technical planning and stan
2、dards development organization committed to the rapid development of global, market-driven standards for the information, entertainment and communications industry. More than 200 companies actively formulate standards in ATIS Committees, covering issues including: IPTV, Cloud Services, Energy Effici
3、ency, IP-Based and Wireless Technologies, Quality of Service, Billing and Operational Support, Emergency Services, Architectural Platforms and Emerging Networks. In addition, numerous Incubators, Focus and Exploratory Groups address evolving industry priorities including Smart Grid, Machine-to-Machi
4、ne, Networked Car, IP Downloadable Security, Policy Management and Network Optimization. ATIS is the North American Organizational Partner for the 3rd Generation Partnership Project (3GPP), a member and major U.S. contributor to the International Telecommunication Union (ITU) Radio and Telecommunica
5、tions Sectors, and a member of the Inter-American Telecommunication Commission (CITEL). ATIS is accredited by the American National Standards Institute (ANSI). For more information, please visit . AMERICAN NATIONAL STANDARD Approval of an American National Standard requires review by ANSI that the r
6、equirements for due process, consensus, and other criteria for approval have been met by the standards developer. Consensus is established when, in the judgment of the ANSI Board of Standards Review, substantial agreement has been reached by directly and materially affected interests. Substantial ag
7、reement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made towards their resolution. The use of American National Standards is completely voluntary; their existence does not in any
8、 respect preclude anyone, whether he has approved the standards or not, from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standards. The American National Standards Institute does not develop standards and will in no circumstances give an in
9、terpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute. Requests for interpretations should be addressed to the secretariat or sponsor w
10、hose name appears on the title page of this standard. CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that action be taken periodically to reaffirm, revise, or withdraw this standard. Purchas
11、ers of American National Standards may receive current information on all standards by calling or writing the American National Standards Institute. Notice of Disclaimer however, many new security challenges are introduced. Threats in the end-user plane now become threats to the management and contr
12、ol planes. The management plane now becomes accessible to the multitude of end-users, and many types of malicious activities become possible. The purpose of this standard is to recommend minimum baseline security mechanisms to help mitigate security risks in the management of telecommunications netw
13、orks. To provide a complete end-to-end solution, all security measures (e.g., access control, authentication) should be applied to each type of network activity (i.e., management plane activity, control plane activity, and end user plane activity) for the network infrastructure, network services, an
14、d network applications. This standard focuses specifically on the security aspect of the management plane for network elements (NE) and management systems (MS), which are part of the network infrastructure. As such, the standard addresses only one aspect of an overall end-to-end security solution, b
15、ut may be used as a starting point for subsequent standards addressing the security of “control” and “end user” planes, as appropriate. The requirements in this standard are applicable to NEs and MSs to be deployed in the future. For NEs in the network that do not meet all the mandatory security req
16、uirements, the overall security requirements at the network architecture design should be supported. This standard addresses security for NE, MS, and element management system (EMS) equipment, and does not specifically address security for other ATIS-0300276.2008 2 equipment such as customer premise
17、 equipment (e.g., voice over Internet Protocol IP telephones) or independent test gear. For such other equipment, all mandatory requirements in this standard should be considered objective recommendations. This standard has been used by the International Telecommunication Union Telecommunications Se
18、ctor (ITU-T) as the base to develop the M.3016.x series of Recommendations. ITU-T Recommendations M.3016.1, M.3016.2 and M.3016.3 specify the requirements, services, and mechanisms for the appropriate security of the management functions necessary to support the telecommunications infrastructure. Be
19、cause different administrations and organizations require varying levels of security support, ITU-T Recs. M.3016.1, M.3016.2 and M.3016.3 do not specify whether a requirement/service/mechanism is mandatory or optional. ITU-T Rec. M.3016.4 defines a profile proforma template to assist administrations
20、 and other national/international organizations to specify the mandatory and optional support of the requirements as well as value ranges, values, etc. to help implement their security policies. This standard requires all implementers to list the security requirements supported in their implementati
21、ons in terms of the requirements as enumerated by this standard. In addition, this standard suggests that for implementers with international interests, the ITU-T M.3016.x series of Recommendations may also be used to specify the security profiles of their implementations. If an implementer chooses
22、to provide such a dual specification of their security implementation, then a mapping between the requirements as enumerated by this standard and those enumerated by the ITU-T M.3016.x series should also be provided. Note that if this “dual specification” process becomes widely adopted, then this st
23、andard may be updated in the future to include the preferred mapping algorithm in order to reduce the possibility of different mapping algorithms being used by different implementers. 1.1 Framework and Model In the context of this standard, to secure something means to protect it (i.e., computers, n
24、etworks, data, or other resources) from unauthorized access, use, or activity. Loss of data, denial of service (DoS), theft of service, and loss of customer confidence are only some of the results of security incidents. System and network administrators need to protect systems and their component el
25、ements from users and from attackers. Although security is multifaceted (spanning operations, physical, communications, processing, and personnel), of concern here are security problems resulting from weaknesses inherent in commonly employed configurations and technology. A threat consists of, but i
26、s not limited to, disclosure, unauthorized use, change, and denial of service. Table 1 lists some security threats. Table 1 - Threats Threat Category*Examples of Threats Unauthorized Access Hacking Unauthorized system access to carry out attacks Theft of service Masquerade Session replay Session hij
27、acking Man-in-the-middle attacks Threats to System Integrity Unauthorized manipulation of system configuration files Unauthorized manipulation of system data Threats to Communication Integrity Unauthorized manipulation of data in transit Threats to Confidentiality Eavesdropping Session recording and
28、 disclosure Privacy violations ATIS-0300276.2008 3 Denial of Service (DoS) Transmission control protocol (TCP) SYN flood Malformed packet attacks Distributed DoS *Derived from T1.233-1993 (R1999), Operations, Administration, Maintenance, and ProvisioningSecurity Framework for Telecommunications Mana
29、gement Network Interfaces and International Organization of Standardization (ISO) 7498-2: 1989 Information Processing SystemsOpen Systems Interconnection Basic Reference ModelPart 2: Security Architecture.1These security threats may be minimized or mitigated within a network system or NE platform or
30、 application by inclusion of security services (as defined in ISO 7498-2:1989 Information Processing SystemsOpen Systems Interconnection Basic Reference ModelPart 2: Security Architecture) to enforce the following: Identification and AUTHENTICATION; Authorization and ACCESS CONTROL Level; Data Integ
31、rity; Privacy and Confidentiality; and Nonrepudiation. This standard addresses security for the management plane - that is, security features to ensure that the network can be administered and managed in a secure manner. Some vulnerability may still exist, even after following the recommendations co
32、ntained in this standard. The following risks are among those with the capability to compromise the management plane: Inappropriate actions by authorized users. These actions can be either malevolent or accidental. Security for the control plane (e.g., signaling, routing, naming, and discovery proto
33、cols) and the end-user plane. The effects of vulnerabilities in specific protocols. Malware (e.g., viruses, Trojan horses, worms, or other embedded code). Once malware successfully compromises any NE/MS, the malware may use the secure network communication links to transmit attacks to other NE/MS co
34、mponents. These attacks may continue until network managers detect the attack and take action to eliminate it. This standard is concerned with the security of management traffic, especially when it traverses networks mixed with end-user traffic. Figure 1 illustrates a reference model that is used to
35、 specify network management security solutions. This model is used to examine logical communication paths within the entire network, and quantify which protocols are used for communications on each path. Using this model, threats and vulnerabilities can be examined for each path, and appropriate sec
36、urity mechanisms can be applied. Multivendor NEs are shown at the bottom of the model in Figure 1. EMSs that provide specific management functions for the particular NE are illustrated above the NE. The network management system (NMS) itself is at the top of the model. The NMS provides overall manag
37、ement to the NE and EMS, and contains specific service and business management applications (e.g., configuration and billing 1A form for requesting historical ATIS documents can be found at , which should be emailed to . ATIS-0300276.2008 4 systems). Remote and local operators are also shown in the
38、model, and communication paths are shown with all other system elements. Network ManagementSystemNetwork ElementRemoteOperatorLocalOperatorNetwork ElementMulti-VendorNetwork Element2. NMS to NE1. NMS to EMS3. EMS to NE4. Remote Operatorto NMS5. Remote Operatorto EMS6. Remote Operatorto NE7. Local Op
39、eratorto NMS9. Local Operatorto NE8. Local Operatorto EMS10. NE to NE11. NE to Foreign NE2. NMS to NEElement ManagementSystemElement ManagementSystem12. EMS to EMSFigure 1 - Network management security reference model The Security Reference Model (Figure 1) may also be useful in correlating telecomm
40、unications management network (TMN)-defined interfaces to the security model. The TMN is defined in International Telecommunication Union Telecommunications Sector (ITU-T) Recommendation M.3010, Principles for a telecommunications management network. It is defined as an architecture for management,
41、including planning, provisioning, installation, maintenance, operations, and administration of telecommunications equipment, networks, and services. In the TMN standard, against which service providers have indicated they will standardize, it is identified that multiple network infrastructures and m
42、ultiple TMNs may exist. In fact, the management of NEs by their associated MSs in the typical service provider environment may traverse numerous data communications networks (DCN). This management traffic may need to negotiate several access control mechanisms (e.g., firewall devices or router acces
43、s lists, and/or network connections and interconnections) in order to get to the NE in question. NEs must traverse many of the same networks and interconnections for return traffic. As such, vendors should know and understand the possible latency issues and work towards delivering solutions to addre
44、ss those issues. ATIS-0300276.2008 5 1.2 Design Guidelines Table 2 presents design guideline objectives that attempt to satisfy the requirements in clause 5 to mitigate the threats proposed in Table 1. Table 2 - Design Guidelines Considered Guideline Description Isolation Insulation of management tr
45、affic from customer traffic. Effective Security Policies Requirements and supporting architectures must allow for policies that are definable, flexible, enforceable, auditable, verifiable, reliable, and usable. Strong AUTHENTICATION, Authorization, and Accounting (AAA) Two-factor and cryptographical
46、ly secure AAA. Highest Benefit for a Given Cost Improve security by implementing security mechanisms that have widely available implementations and widespread deployment, so that use histories allow security mechanisms to be reviewed. Path for Improvement Consider next steps for enhancing and improv
47、ing network management security to further satisfy given requirements with evolving technology and mechanisms, or to satisfy newly defined security requirements. Technical Feasibility Requirements shall be satisfied with products, solutions, and/or technologies available today. Housekeeping Requirem
48、ents should be consistent with standard operating procedures of well-run network management operations. Open Standards Use ideas and concepts that are already standardized (e.g., IP security IPsec, digital signatures). All aspects of the open standards should be addressed including system, protocols
49、, modes, algorithm, option, key size, and encoding. 1.3 Applicability of this standard to the TMN This standard applies to the entirety of the TMN covering both circuit-based NEs and packet-based NEs. Circuit-based NEs provide multiple logical interfaces between switches, transmission elements, signaling elements, and other special-purpose elements that are designed and developed to support traditional telephony services. The packet-based NE model has migrated from the centralized system where all functions were hosted on one platform to a more distributed
