INTERNATIONAL STANDARD
without modification, as CAN/CSA-ISO/IEC-10164-7-95, which has been approved as a National Standard of Canada by the Standards Council of Canada.
December 1995

ISO/IEC 10164-7
First edition 1992-05-15

Information technology - Open Systems Interconnection - Systems Management: Security alarm reporting function

Technologies de l'information - Interconnexion de systèmes ouverts - Gestion-système: Fonction de compte rendu d'alarme de sécurité

National Standard of Canada CAN/CSA-ISO/IEC-10164-7-95 (Reaffirmed 2004)

Reference number ISO/IEC 10164-7:1992(E)

Contents

Foreword
Introduction
1 Scope
2 Normative references
2.1 Identical CCITT Recommendations | International Standards
2.2 Paired CCITT Recommendations | International Standards equivalent in technical content
2.3 Additional references
3 Definitions
3.1 Basic reference model definitions
3.2 Security architecture definitions
3.3 Management framework definitions
3.4 Systems management overview definitions
3.5 Event report management function definitions
3.6 Service conventions definitions
3.7 OSI conformance testing definitions
3.8 Additional definitions
4 Abbreviations
5 Conventions
6 Requirements
7 Model
8 Generic definitions
8.1 Generic notifications
8.2 Managed object
8.3 Imported generic definitions
8.4 Compliance
9 Service definition
9.1 Introduction
9.2 Security alarm reporting service
10 Functional units
11 Protocol
11.1 Elements of procedure
11.2 Abstract syntax
11.3 Negotiation of the security alarm reporting functional unit
12 Relationships with other functions
13 Conformance
13.1 General conformance class requirements
13.2 Dependent conformance class requirements

© ISO/IEC 1992
All rights reserved. No part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the publisher.
ISO/IEC Copyright Office, Case postale 56, CH-1211 Gene...

- ...technology - Open Systems Interconnection - Common management information service definition;
- ISO/IEC 9596 : 1990, Information technology - Open Systems Interconnection - Common management information protocol;
- ISO/IEC 10040 : 1992, Information technology - Open Systems Interconnection - Systems management overview;
- ISO/IEC 10165 : 1992, Information technology - Open Systems Interconnection - Structure of management information.

CCITT Rec. X.736 (1992)
ISO/IEC 10164-7 : 1992(E)

INTERNATIONAL STANDARD
CCITT RECOMMENDATION

Information technology - Open Systems Interconnection - Systems Management: Security alarm reporting function

1 Scope

This Recommendation | International Standard defines the security alarm reporting function. The security alarm reporting function is a systems management function which may be used by an application process in a centralized or
decentralized management environment to exchange information for the purpose of systems management, as defined by CCITT Rec. X.700 | ISO/IEC 7498-4. This Recommendation | International Standard is positioned in the application layer of CCITT Rec. X.200 | ISO 7498 and is defined according to the model provided by ISO/IEC 9545. The role of systems management functions is described by CCITT Rec. X.701 | ISO/IEC 10040. The security alarm notifications defined by this systems management function provide information regarding operational condition and quality of service, pertaining to security.

Security-related events are of relevance to the provision of security. The security policy determines the actions to be undertaken whenever a security-related event has occurred. The security policy may, for example, specify that a security alarm report be generated, a record of the event be made in a
security audit trail, a threshold counter be incremented, the event be ignored, or a combination of these actions be taken. This Recommendation | International Standard is only concerned with security alarm reporting.

This Recommendation | International Standard

- establishes user requirements for the service definition needed to support the security alarm reporting function;
- defines the service provided by the security alarm reporting function;
- specifies the protocol that is necessary in order to provide the service;
- defines the relationship between the service and management notifications;
- defines relationships with other systems management functions;
- specifies conformance requirements.

This Recommendation | International Standard does not

- define the nature of any implementation intended to provide the security alarm reporting function;
- specify the manner in which management is accomplished by the user of the security alarm reporting function;
- define the nature of any interactions which result in the use of the security alarm reporting function;
- specify the services necessary for the establishment, normal and abnormal release of a management association;
- define any other notifications, defined by other Recommendations | International Standards, which may be of interest to a security administrator.

2 Normative references

The following CCITT Recommendations and International Standards contain provisions which, through reference in this text, constitute provisions of this Recommendation | International Standard. At the time of publication, the editions indicated were valid. All Recommendations and Standards are subject to revision, and parties to agreements based on this Recommendation | International
Standard are encouraged to investigate the possibility of applying the most recent editions of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently valid International Standards. The CCITT Secretariat maintains a list of the currently valid CCITT Recommendations.

2.1 Identical CCITT Recommendations | International Standards

- CCITT Recommendation X.701 (1992) | ISO/IEC 10040 : 1992, Information technology - Open Systems Interconnection - Systems management overview.
- CCITT Recommendation X.721 (1992) | ISO/IEC 10165-2 : 1992, Information technology - Open Systems Interconnection - Structure of management information: Definition of management information.
- CCITT Recommendation X.722 (1992) | ISO/IEC 10165-4 : 1992, Information technology - Open Systems Interconnection - Structure of management information: Guidelines for the definition of managed objects.
- CCITT Recommendation X.733 (1992) | ISO/IEC 10164-4 : 1992, Information technology - Open Systems Interconnection - Systems Management: Alarm reporting function.
- CCITT Recommendation X.734 1) | ISO/IEC 10164-5 : 1992, Information technology - Open Systems Interconnection - Systems Management: Event report management function.
- CCITT Recommendation X.735 1) | ISO/IEC 10164-6 : 1992, Information technology - Open Systems Interconnection - Systems Management: Log control function.

2.2 Paired CCITT Recommendations | International Standards equivalent in technical content

- CCITT Recommendation X.200 (1988), Reference model of Open Systems Interconnection for CCITT applications.
  ISO 7498 : 1984, Information processing systems - Open Systems Interconnection - Basic Reference Model.
- CCITT Recommendation X.208 (1988), Specification of abstract syntax notation one (ASN.1).
  ISO/IEC 8824 : 1990, Information technology - Open Systems Interconnection - Specification of Abstract Syntax Notation One (ASN.1).
- CCITT Recommendation X.209 (1988), Specification of Basic Encoding Rules for abstract syntax notation
  ISO/IEC 8825 : 1990, Information technology - Open Systems Interconnection - Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1).
- CCITT Recommendation X.210 (1988), Open Systems Interconnection layer service definition conventions.
  ISO/TR 8509 : 1987, Information processing systems - Open Systems Interconnection - Service conventions.
- CCITT Recommendation X.290 (1992), OSI conformance testing methodology and framework for protocol Recommendations for CCITT applications - General concepts.
  ISO/IEC 9646-1 : 1991, Information technology - Open Systems Interconnection - Conformance testing methodology and framework - Part 1: General concepts.
- CCITT Recommendation X.800 (1991), Security architecture for Open Systems Interconnection for CCITT applications.
  ISO 7498-2 : 1988, Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture.
- CCITT Recommendation X.700 1), Management framework definition for Open Systems Interconnection for CCITT applications.
  ISO/IEC 7498-4 : 1989, Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 4: Management framework.
- CCITT Recommendation X.710 (1991), Common management information service definition for CCITT applications.
  ISO/IEC 9595 : 1991, Information technology - Open Systems Interconnection - Common management information service definition.

1) Presently at state of draft Recommendation.

2.3 Additional references

- ISO/IEC 9545 : 1989, Information technology - Open Systems Interconnection - Application layer structure.

3 Definitions

For the purposes of this Recommendation | International Standard, the following definitions apply.

3.1 Basic reference model definitions

This Recommendation | International Standard makes use of the following term defined in CCITT Rec. X.200 | ISO 7498:

open system

3.2 Security architecture definitions

This Recommendation | International Standard makes use of the following terms defined in CCITT Rec. X.800 | ISO 7498-2:

a) authentication;
b) confidentiality;
c) integrity;
d) non-repudiation;
e) security policy;
f) security service.

3.3 Management framework definitions

This Recommendation | International Standard makes use of the following term defined in CCITT Rec. X.700 | ISO/IEC 7498-4:

managed object

3.4 Systems management overview definitions

This Recommendation | International Standard makes
use of the following terms defined in CCITT Rec. X.701 | ISO/IEC 10040:

a) agent role;
b) dependent conformance;
c) general conformance;
d) manager role;
e) notification;
f) systems management functional unit.

3.5 Event report management function definitions

This Recommendation | International Standard makes use of the following term defined in CCITT Rec. X.734 | ISO/IEC 10164-5:

discriminator

3.6 Service conventions definitions

This Recommendation | International Standard makes use of the following terms defined in CCITT Rec. X.210 | ISO/TR 8509:

a) service-user;
b) service-provider.

3.7 OSI conformance testing definitions

This Recommendation | International Standard makes use of the following term defined in CCITT Rec. X.290 | ISO/IEC 9646-1:

system conformance statement

3.8 Additional definitions

3.8.1 security alarm: A security-related event that has been identified by a security policy as a potential breach of security.

3.8.2 security-related event: An event which is considered to have relevance to security.

4 Abbreviations

ASN.1   Abstract Syntax Notation One
CMIS    Common Management Information Services
Conf    Confirmation
Ind     Indication
MAPDU   Management Application Protocol Data Unit
OSI     Open Systems Interconnection
Req     Request
Rsp     Response
SMAPM   Systems Management Application Protocol Machine

5 Conventions

This Recommendation | International Standard defines services for the security alarm reporting function using the descriptive conventions defined in CCITT Rec. X.210 | ISO/TR 8509. In clause 9, the definition of each service includes a table that lists the parameters of its primitives. For a given primitive, the presence of each parameter is described by one of the following
values:

M     the parameter is mandatory
(=)   the value of the parameter is equal to the value of the parameter in the column to the left
U     the use of the parameter is a service-user option
-     the parameter is not present in the interaction described by the primitive concerned
C     the parameter is conditional. The condition(s) are defined by the text which describes the parameter
P     subject to the constraints imposed on the parameter by CCITT Rec. X.710 | ISO/IEC 9595

NOTE - The parameters that are marked "P" in Table 2 of this Recommendation | International Standard are mapped directly onto the corresponding parameters of the CMIS service primitive, without changing the semantics or syntax of the parameters. The remaining parameters are used to construct an MAPDU.

6 Requirements

The security management user needs to be alerted whenever an event indicating an attack or potential attack on system security has been detected. A security attack may be detected by a security service, a security mechanism, or another process. A security alarm notification may be generated by either of the communicating end users, or by any intermediate system or process between the end users. The security alarm report shall identify the cause of the security alarm, the source of the detection of the security-related event, the appropriate end users, and the perceived severity of any misoperation, attack or breach of security, as specified by the security policy.

This Recommendation | International Standard describes the use of services and techniques to satisfy these requirements.

7 Model

The model for security alarm reporting is defined in CCITT Rec. X.734 | ISO/IEC 10164-5. The information may be logged in accordance with CCITT Rec. X.735 | ISO/IEC 10164-6.

8 Generic definitions

8.1 Generic notifications

This Recommendation | International Standard defines a set of generic security alarm notifications and their applicable parameters and semantics.

The set of generic notifications, parameters and semantics defined by this Recommendation | International Standard provide the detail for the following parameters of the M-EVENT-REPORT service as defined by CCITT Rec. X.710 | ISO/IEC 9595:

- event type;
- event information;
- event reply.

All notifications are potential entries in a systems management log and this Recommendation | International Standard defines a managed object class for this purpose. CCITT Rec. X.721 | ISO/IEC 10165-2 defines a generic log record object class from which all entries are derived, the additional information being specified by the event information and event reply parameters.

8.1.1 Event type

This parameter defines the type of the security alarm report. The following event types are defined in this Recommendation | International Standard:

- integrity violation: an indication that information may have been illegally modified, inserted or deleted;
- operational violation: an indication that