1、 International Telecommunication Union ITU-T M.3016.1TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU Amendment 1(07/2011) SERIES M: TELECOMMUNICATION MANAGEMENT, INCLUDING TMN AND NETWORK MAINTENANCE Telecommunications management network Security for the management plane: Security requirements Amend
2、ment 1: Authentication extension Recommendation ITU-T M.3016.1 (2005) Amendment 1 ITU-T M-SERIES RECOMMENDATIONS TELECOMMUNICATION MANAGEMENT, INCLUDING TMN AND NETWORK MAINTENANCE Introduction and general principles of maintenance and maintenance organization M.10M.299 International transmission sy
3、stems M.300M.559 International telephone circuits M.560M.759 Common channel signalling systems M.760M.799 International telegraph systems and phototelegraph transmission M.800M.899 International leased group and supergroup links M.900M.999 International leased circuits M.1000M.1099 Mobile telecommun
4、ication systems and services M.1100M.1199 International public telephone network M.1200M.1299 International data transmission systems M.1300M.1399 Designations and information exchange M.1400M.1999 International transport network M.2000M.2999 Telecommunications management network M.3000M.3599Integra
5、ted services digital networks M.3600M.3999 Common channel signalling systems M.4000M.4999 For further details, please refer to the list of ITU-T Recommendations. Rec. ITU-T M.3016.1 (2005)/Amd.1 (07/2011) i Recommendation ITU-T M.3016.1 Security for the management plane: Security requirements Amendm
6、ent 1 Authentication extension Summary Amendment 1 to Recommendation ITU-T M.3016.1 adds requirements REQ 61 and REQ 62 to Rec. ITU-T M.3016.1 and updates Annex A accordingly. History Edition Recommendation Approval Study Group 1.0 ITU-T M.3016.1 2005-04-13 4 1.1 ITU-T M.3016.1 (2005) Cor. 1 2005-11
7、-13 4 1.2 ITU-T M.3016.1 (2005) Amd. 1 2011-07-14 2 ii Rec. ITU-T M.3016.1 (2005)/Amd.1 (07/2011) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommu
8、nication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assem
9、bly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology whic
10、h fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with th
11、is Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory lang
12、uage such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this
13、Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date o
14、f approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult th
15、e TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2011 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T M.3016.1 (2005)/Amd.1 (07/2011) 1 Recommendation ITU-T M.3016.1 Security for the manage
16、ment plane: Security requirements Amendment 1 Authentication extension 1 Scope This amendment contains extensions to Rec. ITU-T M.3016.1 (2005). 2 Additions Add new clauses 6.1.3 and 6.1.4 6.1.3 Authentication availability At a fault event, the authentication system and all network services, includi
17、ng security services, become unavailable even though all other NE/MS are alive. REQ 61: The NE/MS should support Authentication availability with proper redundancies. This provides users with unceasing services even in the event of a fault, and can be achieved by applying dual (or multiple) authenti
18、cation servers that can be operated in an active-active or active-standby mode. With an active-active configuration, load balancing between authentication servers is also possible, providing fault prevention. When a fault occurs in the primary authentication server, all pending authentication reques
19、ts should be forwarded to the secondary authentication server. This is commonly referred to as fail-over. After the failed server has recovered, a switch-back procedure should also be supported, which can be performed automatically or manually by an operator. The servers can be located in separate n
20、etworks in order to provide an unceasing authentication service in the event of a network fault, as well as of a fault of the server itself. 6.1.4 Authentication Identifier In order to ease repeating authentication, an Authentication Identifier may be defined. An Authentication Identifier may be iss
21、ued at successful authentication (e.g., by entering UserId and password). The Identifier grants rights to the user. Under certain circumstances (e.g., time period, in accordance with the security policy), the user can use the identifier to access specific resources without additional authentication.
22、 The Authentication Identifier can also be used for event logging or event retrieval for administrative purposes. REQ 62: The NE/MS may provide an Authentication Identifier to grant rights to the user at successful authentication. The right assigned is according to the security policy. The Authentic
23、ation Identifier can also be used in logging or retrievals for administrative purposes. 2 Rec. ITU-T M.3016.1 (2005)/Amd.1 (07/2011) Add 2 new rows to the end of the table in Annex A Annex A ITU-T M.3016.1 security requirements ITU-T M.3016.2 security services ITU-T M.3016.3 security mechanisms REQ
24、61: The NE/MS should support Authentication availability with proper redundancies. SER 1, SER 2, SER 3 MEC 43 REQ 62: The NE/MS may provide an Authentication Identifier to grant rights to the user at successful authentication. The right assigned is according to the security policy. The Authenticatio
25、n Identifier can also be used in logging or retrievals for administrative purposes. SER 1, SER 2, SER 3 MEC 13 Printed in Switzerland Geneva, 2011 SERIES OF ITU-T RECOMMENDATIONS Series A Organization of the work of ITU-T Series D General tariff principles Series E Overall network operation, telepho
26、ne service, service operation and human factors Series F Non-telephone telecommunication services Series G Transmission systems and media, digital systems and networks Series H Audiovisual and multimedia systems Series I Integrated services digital network Series J Cable networks and transmission of
27、 television, sound programme and other multimedia signals Series K Protection against interference Series L Construction, installation and protection of cables and other elements of outside plant Series M Telecommunication management, including TMN and network maintenance Series N Maintenance: inter
28、national sound programme and television transmission circuits Series O Specifications of measuring equipment Series P Terminals and subjective and objective assessment methods Series Q Switching and signalling Series R Telegraph transmission Series S Telegraph services terminal equipment Series T Te
29、rminals for telematic services Series U Telegraph switching Series V Data communication over the telephone network Series X Data networks, open system communications and security Series Y Global information infrastructure, Internet protocol aspects and next-generation networks Series Z Languages and general software aspects for telecommunication systems
