1、 International Telecommunication Union ITU-T X.1032TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (12/2010) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Information and network security Network security Architecture of external interrelationships for a telecommunication IP-based
2、 network security system Recommendation ITU-T X.1032 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.50
3、0X.599 OSI NETWORKING AND SYSTEM ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049Security management X.1050X.1069 Te
4、lebiometrics X.1080X.1099 SECURE APPLICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1179 IPTV security X.1
5、180X.1199 CYBERSPACE SECURITY Cybersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 CYBERSECURITY INFORMATION EXCHANGE Cyber information exchange
6、X.1500X.1519 Vulnerability/state exchange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 For further details, please refer to the li
7、st of ITU-T Recommendations. Rec. ITU-T X.1032 (12/2010) i Recommendation ITU-T X.1032 Architecture of external interrelationships for a telecommunication IP-based network security system Summary Recommendation ITU-T X.1032 proposes four models that make possible a review of interrelationships betwe
8、en a telecommunication IP-based network security system (TNSS) and various groups of external objects. Each object is considered in terms of its main functions and its probable effect on TNSS construction and functioning principles. This Recommendation provides a basis for developing detailed recomm
9、endations on network security with regard to the effect on external objects. History Edition Recommendation Approval Study Group 1.0 ITU-T X.1032 2010-12-17 17 ii Rec. ITU-T X.1032 (12/2010) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the fiel
10、d of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizi
11、ng telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered
12、by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate
13、both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved wh
14、en all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPER
15、TY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted
16、 by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that
17、 this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2011 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec.
18、ITU-T X.1032 (12/2010) iii Table of Contents Page 1 Scope 1 2 References. 2 3 Definitions 2 3.1 Terms defined elsewhere 2 3.2 Terms defined in this Recommendation . 2 4 Abbreviations and acronyms 3 5 Conventions 3 6 General 3 7 TNSS interrelationships with security systems of information systems and
19、 information structure 3 7.1 Model of interrelationships . 3 7.2 Functions of external objects and their effect on TNSS . 3 8 TNSS interrelationships with telecommunication system objects 5 8.1 Model of TNSS interrelationships 5 8.2 Functions of external objects and their effect on TNSS . 5 9 TNSS i
20、nterrelationships with external organizations . 6 9.1 Model of interrelationships . 6 9.2 Functions of external organizations and their effect on TNSS . 6 10 TNSS interrelationships with security threats sources . 7 10.1 Model of interrelationships . 7 10.2 Functions of external objects and their ef
21、fect on TNSS . 7 Appendix I Possible composition of technical facilities of the telecommunication IP-based network 9 Bibliography. 10 Rec. ITU-T X.1032 (12/2010) 1 Recommendation ITU-T X.1032 Architecture of external interrelationships for a telecommunication IP-based network security system 1 Scope
22、 1.1 A study of any object needs to take into account not only the interconnections between different components within the object, but also the objects external relationships. Through external relationships, the object performs its functions in the context of an overall system. However, these inter
23、relationships may pose a risk due to a variety of threats that can disturb the functioning of the object. A study of these objects is particularly important for a telecommunication IP-based network security system (TNSS), which needs to protect a telecommunication IP-based network mainly against ext
24、ernal threats (see Figure 1). Possible composition of technical components of a telecommunication IP-based network is presented in Appendix I. X.1032(10)_F01Telecommunication IP-based networkTelecommunication IP-based network security system (TNSS)TNSSexternalinterfaces/interrelationspointsInterrela
25、tionships with external objects and external threats in a telecommunication IP-based networkFigure 1 Interrelationships between a telecommunication IP-based network security system and external objects 1.2 The TNSS does not function as a free-running system; it works in close interaction with a numb
26、er of external systems. Firstly, these external systems include the telecommunication IP-based network itself, which protects the TNSS. The principles that govern the construction of the transport medium and the service platforms directly determine the requirements and, therefore, the design of the
27、TNSS. Secondly, these external systems include the telecommunication IP-based network users whose requirements should be fulfilled by the telecommunication IP-based network and its TNSS. Some other external organizations can also affect the TNSS construction principles. These organizations include:
28、national regulatory authorities; trusted third parties providing services for security systems (on the “outsourcing“ principle); organizations using telecommunication IP-based network services for the creation of information networks. 2 Rec. ITU-T X.1032 (12/2010) In essence, the main TNSS tasks con
29、sist of the protection of the telecommunication IP-based network and the information transmitted through this network against the various external security threats in the environment in which the TNSS functions. The above list indicates that TNSS has interrelationships with many external objects whi
30、ch may be subdivided into several groups. 1.3 TNSS interrelationships with external objects can either directly or indirectly affect the TNSS requirements, the TNSS construction and the functioning principles. Therefore, these interrelationships should be taken into account in the course of TNSS dev
31、elopment. Existing ITU-T Recommendations address certain aspects of this problem (for example, ITU-T X.842 and ITU-T X.843 address interrelationships with a trusted third party). However, there are many aspects of TNSS interrelationships with external objects that have not yet been considered. 1.4 T
32、his Recommendation covers a general architecture of TNSS interrelationships with external objects. This architecture can be applied to various types of telecommunication IP-based networks and to various telecommunication security systems. This Recommendation provides an overview of all external inte
33、rrelationships of TNSS. This Recommendation may serve as a basis for elaborating more detailed recommendations on network security, with respect to the effect on external objects. 2 References The following ITU-T Recommendations and other references contain provisions which, through reference in thi
34、s text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edit
35、ion of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. ITU-T X.800 Recommendation ITU
36、-T X.800 (1991), Security architecture for Open Systems Interconnection for CCITT applications. ITU-T X.805 Recommendation ITU-T X.805 (2003), Security architecture for systems providing end-to-end communications. ITU-T X.842 Recommendation ITU-T X.842 (2000) | ISO/IEC TR14516:2002, Information tech
37、nology Security techniques Guidelines for the use and management of trusted third party services. ITU-T X.843 Recommendation ITU-T X.843 (2000) | ISO/IEC 15945:2002, Information technology Security techniques Specification of TTP services to support the application of digital signatures. 3 Definitio
38、ns 3.1 Terms defined elsewhere None. 3.2 Terms defined in this Recommendation This Recommendation defines the following terms: 3.2.1 security system: A variety of interrelating elements (certain principles, organization and technical measures for security provision) that minimize vulnerability of as
39、sets and resources. Rec. ITU-T X.1032 (12/2010) 3 3.2.2 telecommunication IP-based network security system (TNSS): Security system used in a telecommunication IP-based network. 4 Abbreviations and acronyms This Recommendation uses the following abbreviations and acronyms: ICT Information and Communi
40、cation Technologies TNSS Telecommunication IP-based Network Security System 5 Conventions None. 6 General 6.1 Consideration of TNSS interrelationships with external objects is complicated by the great number of these objects and by various types of relationships and interfaces. Therefore, a major pr
41、oblem is the possibility of decomposition (division) of the set of interrelationships. This Recommendation proposes four types of external interrelationships: TNSS interrelationships with security systems that overlay infrastructure information systems and information structures; TNSS interrelations
42、hips with telecommunication system objects; TNSS interrelationships with other objects, e.g., external organizations; TNSS interrelationships with security threats in the form of either the above-named objects or new objects. These types of interrelationships are considered below in clauses 7, 8, 9
43、and 10, respectively. 6.2 In addition, each of the clauses 7, 8, 9 and 10 employs the decomposition principle. First, a model of interrelationships is defined in a graphical form. This model contains external objects and their interrelationships with TNSS. The functions of each external object are t
44、hen described. Finally, proceeding from these functions, brief assessments are made for: the possible effects of external objects on TNSS (for example, effects on requirements to TNSS, effects on principles of TNSS construction and functioning); the possible types of interrelationship (for example,
45、an electrical interface, organizational requirements, external environment influences). 7 TNSS interrelationships with security systems of information systems and information structure 7.1 Model of interrelationships Figure 2 shows TNSS interrelationships with security systems that overlay infrastru
46、cture information systems which, in turn, have interfaces with information structure security systems. 7.2 Functions of external objects and their effect on TNSS 7.2.1 Information systems employ various kinds of information technologies using telecommunications. Functions of information systems incl
47、ude, for instance, collection, storage and retrieval of information, organization of databases and users sites, technical support of editing, conversion and other kinds of information processing. Information systems can perform functions of remote information transfer and distribution, using telecom
48、munication services (i.e., from 4 Rec. ITU-T X.1032 (12/2010) information-telecommunication networks). Internet is one example of a public information-telecommunication network. Traditional types of communication (for example, telephone communication and facsimile communication) can be effected both
49、 with and without the use of information-telecommunication network. Information system security systems serve to protect the technical processes of these systems and the information stored and transferred within these systems. Information system security systems may affect TNSS in the following way, for example: supplement each other during protection against certain threats, for instance, against information disclosure; and introduce limitations for security protocols used within TNSS. External i
