欢迎来到麦多课文档分享! | 帮助中心 海量文档,免费浏览,给你所需,享你所想!
麦多课文档分享
全部分类
  • 标准规范>
  • 教学课件>
  • 考试资料>
  • 办公文档>
  • 学术论文>
  • 行业资料>
  • 易语言源码>
  • ImageVerifierCode 换一换
    首页 麦多课文档分享 > 资源分类 > PDF文档下载
    分享到微信 分享到微博 分享到QQ空间

    ITU-T M 3016 3-2005 Security for the management plane Security mechanism《管理飞机安全措施 安全机制研究组4》.pdf

    • 资源ID:800070       资源大小:353.20KB        全文页数:30页
    • 资源格式: PDF        下载积分:10000积分
    快捷下载 游客一键下载
    账号登录下载
    微信登录下载
    二维码
    微信扫一扫登录
    下载资源需要10000积分(如需开发票,请勿充值!)
    邮箱/手机:
    温馨提示:
    如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
    如需开发票,请勿充值!如填写123,账号就是123,密码也是123。
    支付方式: 支付宝扫码支付    微信扫码支付   
    验证码:   换一换

    加入VIP,交流精品资源
     
    账号:
    密码:
    验证码:   换一换
      忘记密码?
        
    友情提示
    2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
    3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
    4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。
    5、试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。

    ITU-T M 3016 3-2005 Security for the management plane Security mechanism《管理飞机安全措施 安全机制研究组4》.pdf

    1、 International Telecommunication Union ITU-T M.3016.3TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (04/2005) SERIES M: TELECOMMUNICATION MANAGEMENT, INCLUDING TMN AND NETWORK MAINTENANCE Telecommunications management network Security for the management plane: Security mechanism ITU-T Recommendatio

    2、n M.3016.3 ITU-T M-SERIES RECOMMENDATIONS TELECOMMUNICATION MANAGEMENT, INCLUDING TMN AND NETWORK MAINTENANCE Introduction and general principles of maintenance and maintenance organization M.10M.299 International transmission systems M.300M.559 International telephone circuits M.560M.759 Common cha

    3、nnel signalling systems M.760M.799 International telegraph systems and phototelegraph transmission M.800M.899 International leased group and supergroup links M.900M.999 International leased circuits M.1000M.1099 Mobile telecommunication systems and services M.1100M.1199 International public telephon

    4、e network M.1200M.1299 International data transmission systems M.1300M.1399 Designations and information exchange M.1400M.1999 International transport network M.2000M.2999 Telecommunications management network M.3000M.3599 Integrated services digital networks M.3600M.3999 Common channel signalling s

    5、ystems M.4000M.4999 For further details, please refer to the list of ITU-T Recommendations. ITU-T Rec. M.3016.3 (04/2005) i ITU-T Recommendation M.3016.3 Security for the management plane: Security mechanism Summary This Recommendation identifies the security mechanisms for the management plane in t

    6、he Telecommunications management network. This Recommendation focuses specifically on the security aspect of the management plane for network elements (NE) and management systems (MS), which are part of the Telecommunication infrastructure. Source ITU-T Recommendation M.3016.3 was approved on 13 Apr

    7、il 2005 by ITU-T Study Group 4 (2005-2008) under the ITU-T Recommendation A.8 procedure. ii ITU-T Rec. M.3016.3 (04/2005) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications. The ITU Telecommunication Standardization Se

    8、ctor (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets eve

    9、ry four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purvie

    10、w, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is volunt

    11、ary. However, the Recommendation may contain certain mandatory provisions (to ensure e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the

    12、negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve t

    13、he use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommend

    14、ation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementors are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database. ITU 2

    15、005 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. ITU-T Rec. M.3016.3 (04/2005) iii CONTENTS Page 1 Scope 1 2 References. 1 3 Definitions 2 4 Abbreviations 2 5 Conventions 3 6 Security mechanisms 3 6.1 User a

    16、uthentication. 4 6.2 Peer entity and data origin authentication 5 6.3 Access control 6 6.4 Data confidentiality 7 6.5 Data integrity 10 6.6 Audit trail 11 6.7 Key exchange . 12 6.8 Alarm reporting 12 6.9 Packet filtering 13 Appendix I IPsec, SSL/TLS and SSH security mechanisms 13 I.1 IPsec . 13 I.2

    17、SSL/TLS. 14 I.3 SSH. 15 Appendix II 16 II.1 Objectives. 16 II.2 Network design considerations affecting packet filtering 16 II.3 Basic packet filtering 19 II.4 Enhanced packet filtering . 19 BIBLIOGRAPHY 20 iv ITU-T Rec. M.3016.3 (04/2005) Introduction Telecommunications is a critical infrastructure

    18、 for global communication and economy. Appropriate security for the management functions controlling this infrastructure is essential. Many standards for Telecommunications network management security exist. However, compliance is low and implementations are inconsistent across the various telecommu

    19、nications equipment and software components. This Recommendation identifies the security mechanisms to allow vendors, agencies, and service providers to implement a secure Telecommunications management infrastructure. Although the present set of security mechanisms represents the current understandi

    20、ng of the state of the art, technologies will advance and conditions will change. To be successful, this Recommendation must evolve as conditions warrant. This Recommendation is intended as a foundation. Service providers may include additional security mechanisms to meet their specific needs over a

    21、nd above those in this Recommendation. This Recommendation is part of the M.3016.x series of ITU-T Recommendations intended to provide guidance and recommendations for securing the management plane of evolving networks: ITU-T Rec. M.3016.0 Security for the management plane: Overview. ITU-T Rec. M.30

    22、16.1 Security for the management plane: Security requirements. ITU-T Rec. M.3016.2 Security for the management plane: Security services. ITU-T Rec. M.3016.3 Security for the management plane: Security mechanism. ITU-T Rec. M.3016.4 Security for the management plane: Profile proforma. ITU-T Rec. M.30

    23、16.3 (04/2005) 1 ITU-T Recommendation M.3016.3 Security for the management plane: Security mechanism 1 Scope ITU-T Recs M.3016.1-M.3016.3 specify a set of requirements, services and mechanisms for the appropriate security of the management functions necessary to support the telecommunications infras

    24、tructure. Because different administrations and organizations require varying levels of security support, the ITU-T Recs M.3016.1-M.3016.3 do not specify whether a requirement/service/mechanism is mandatory or optional. This Recommendation identifies the security mechanisms for the management plane

    25、in the Telecommunications management network. This Recommendation focuses specifically on the security aspect of the management plane for network elements (NE) and management systems (MS), which are part of the Telecommunication infrastructure. This Recommendation is generic in nature and does not i

    26、dentify or address the security mechanisms for a specific Telecommunications Management Network (TMN) interface. The proforma defined in ITU-T Rec. M.3016.4 is provided to assist the organizations, administrations and other national/international organizations, in specifying the mandatory and option

    27、al support of the requirements as well as value ranges, values etc., to help implement their security policies. 2 References The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of

    28、 publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list

    29、 of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. ITU-T Recommendation G.8080/Y.1304 (2001), Architecture for the Automatically Switched Optical Net

    30、work (ASON), plus Amendment 2 (2005). ITU-T Recommendation M.3010 (2000), Principles for a telecommunications management network. ITU-T Recommendation M.3016.0 (2005), Security for the management plane: Overview. ITU-T Recommendation M.3016.2 (2005), Security for the management plane: Security servi

    31、ces. ITU-T Recommendation M.3016.3 (2005), Security for the management plane: Security mechanism. ITU-T Recommendation M.3016.4 (2005), Security for the management plane: Profile proforma. ITU-T Recommendation X.509 (2000), Information technology Open Systems Interconnection: The Directory: Public-k

    32、ey and attribute certificate frameworks, plus Corrigendum 1 (2001), Corrigendum 2 (2002), and Corrigendum 3 (2004). ITU-T Recommendation X.800 (1991), Security architecture for Open Systems Interconnection for CCITT Applications, plus Amendment 1 (1996). 2 ITU-T Rec. M.3016.3 (04/2005) ITU-T Recomme

    33、ndation X.805 (2003), Security architecture for systems providing end-to-end communications. 3 Definitions This Recommendation does not define any new terms. 4 Abbreviations This Recommendation uses the following abbreviations: CORBA Common Object Request Broker Architecture DoS Denial of Service EM

    34、S Element Management System FTP File Transfer Protocol HTTP Hypertext Transfer Protocol IETF Internet Engineering Task Force IP Internet Protocol IPSec Internet Protocol Security ISO/IEC International Organization for Standardization/International Electrotechnical Commission ITU-T International Tele

    35、communication Union Telecommunication Standardization Sector MS Management System; any EMS, NMS, or OSS1NE Network Element NE/MS NE or MS NMS Network Management System NTP Network Time Protocol NTPv3 NTP version 3 OAM SER for service; MEC for mechanism. 6 Security mechanisms This clause contains the

    36、 specific security mechanisms for operations, administration, maintenance, and provisioning (OAM other possible services (e.g., detection of denial of service) are left out. Table 1/M.3016.3 Mapping of security requirements and security services Security functional requirement Security service Verif

    37、ication of identities user authentication peer entity authentication data origin authentication Controlled access and authorization access control Protection of confidentiality stored data access control confidentiality Protection of confidentiality transferred data confidentiality Protection of dat

    38、a integrity stored data access control Protection of data integrity transferred data integrity Accountability non-repudiation Activity logging audit trail Security alarm reporting security alarm Security audit audit trail Protection of the DCN packet inspection 4 ITU-T Rec. M.3016.3 (04/2005) Table

    39、2 below outlines the organization of this clause: Table 2/M.3016.3 Organization of this clause Clause Contents 6.1 Discusses authentication security mechanisms including user authentication, peer entity authentication. 6.2 Discusses data origin authentication. 6.3 Discusses access control security m

    40、echanisms. 6.4 Discusses data confidentiality security mechanisms. 6.5 Discusses data integrity security mechanisms. 6.6 Discusses audit trail security mechanisms. 6.1 User authentication User authentication is the act of verifying a claimed identity of a person. User authentication may be based on

    41、security mechanisms which include: User ID and password combination (with suitably complex passwords) where the password may be a one time password (e.g., SecureID). Multi-factor authentication. Single sign-on authentication. A discussion of user authentication security mechanisms is given in this c

    42、lause. 6.1.1 User ID and Passwords authentication User ID and static passwords may be used for user authentication. User authentication involves proving the true identity of the legitimate system user and preventing masquerading by illegitimate imposters. With proper authentication, it is possible t

    43、o track activities and apply access control to restrict users to pre-authorized activities or roles as discussed in 6.2. User ID and password authentication involves assigning a unique User ID to each user, and then assigning a suitably complex secret password which is used in combination with the U

    44、ser ID to prove identity. Passwords should contain enough characters and other randomness to prevent guessing by persons or by machine automated techniques. Examples of characteristics of complex passwords may include such requirements as the following: MEC 1: Passwords may be required to be a minim

    45、um number of characters long (e.g., eight characters). MEC 2: Passwords may be prevented containing certain characters. MEC 2a: Passwords may be prevented from including a repeat or the reverse of the associated user ID. MEC 2b: Passwords may be required not to contain a set of configured character

    46、sequences anywhere within them (e.g., words from a dictionary or product names). MEC 3: Passwords may be required to have no more than a certain number of the same characters used consecutively. MEC 4: Passwords may be required to contain at least a certain number of lower case and/or upper case alp

    47、ha characters. MEC 5: Passwords may be required to contain at least a certain number of numeric characters. ITU-T Rec. M.3016.3 (04/2005) 5 MEC 6: Passwords may be required to contain at least a certain number of special characters. Administration of passwords is also very important to ensure a secu

    48、re authentication system. For example the following password system administration capabilities may be desired: MEC 7: The password administration system may require the entry of the old password to prevent another user from changing a logged-on users password without their knowledge. MEC 8: The sys

    49、tem may automatically check to ensure that each new login password differs from the previous password. (Because passwords are typically stored via one-way encryption, the entry of the old password may also be required to allow the system to determine the degree of difference between the old and new passwords2). MEC 9: The system may support a password history list to prevent password reuse. MEC 10: The system may enforce the changing of passwords after certain time intervals. MEC 11: After a certain number of invalid pa


    注意事项

    本文(ITU-T M 3016 3-2005 Security for the management plane Security mechanism《管理飞机安全措施 安全机制研究组4》.pdf)为本站会员(diecharacter305)主动上传,麦多课文档分享仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文档分享(点击联系客服),我们立即给予删除!




    关于我们 - 网站声明 - 网站地图 - 资源地图 - 友情链接 - 网站客服 - 联系我们

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1 

    收起
    展开