UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

ATIS - 0300276

Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane

inactive
Organization: ATIS
Publication Date: 1 August 2008
Status: inactive
Page Count: 62
scope:

Scope, Purpose, and Application

In some telecommunications networks, management traffic is often transmitted on a separate network from that carrying the service provider's end-user traffic. In these networks, security threats to the management plane are completely isolated from any malicious activity on the end-user plane. The management plane is relatively easy to secure because access to this plane is restricted to known administrators, and traffic is restricted to known management activities. However, in some cases management traffic is combined on a single network with the service provider's end-user traffic. Combining traffic in this manner minimizes costs by requiring only a single integrated network infrastructure; however, many new security challenges are introduced. Threats in the end-user plane now become threats to the management and control planes. The management plane now becomes accessible to the multitude of end-users, and many types of malicious activities become possible. The purpose of this standard is to recommend minimum baseline security mechanisms to help mitigate security risks in the management of telecommunications networks.

To provide a complete end-to-end solution, all security measures (e.g., access control, authentication) should be applied to each type of network activity (i.e., management plane activity, control plane activity, and end user plane activity) for the network infrastructure, network services, and network applications. This standard focuses specifically on the security aspect of the management plane for network elements (NE) and management systems (MS), which are part of the network infrastructure. As such, the standard addresses only one aspect of an overall end-to-end security solution, but may be used as a starting point for subsequent standards addressing the security of "control" and "end user" planes, as appropriate.

The requirements in this standard are applicable to NEs and MSs to be deployed in the future. For NEs in the network that do not meet all the mandatory security requirements, the overall security requirements at the network architecture design should be supported. This standard addresses security for NE, MS, and element management system (EMS) equipment, and does not specifically address security for other equipment such as customer premise equipment (e.g., voice over Internet Protocol [IP] telephones) or independent test gear. For such other equipment, all mandatory requirements in this standard should be considered objective recommendations.

This standard has been used by the International Telecommunication Union - Telecommunications Sector (ITU-T) as the base to develop the M.3016.x series of Recommendations. ITU-T Recommendations M.3016.1, M.3016.2 and M.3016.3 specify the requirements, services, and mechanisms for the appropriate security of the management functions necessary to support the telecommunications infrastructure. Because different administrations and organizations require varying levels of security support, ITU-T Recs. M.3016.1, M.3016.2 and M.3016.3 do not specify whether a requirement/service/mechanism is mandatory or optional. ITU-T Rec. M.3016.4 defines a profile proforma template to assist administrations and other national/international organizations to specify the mandatory and optional support of the requirements as well as value ranges, values, etc. to help implement their security policies. This standard requires all implementers to list the security requirements supported in their implementations in terms of the requirements as enumerated by this standard. In addition, this standard suggests that for implementers with international interests, the ITU-T M.3016.x series of Recommendations may also be used to specify the security profiles of their implementations. If an implementer chooses to provide such a dual specification of their security implementation, then a mapping between the requirements as enumerated by this standard and those enumerated by the ITU-T M.3016.x series should also be provided. Note that if this "dual specification" process becomes widely adopted, then this standard may be updated in the future to include the preferred mapping algorithm in order to reduce the possibility of different mapping algorithms being used by different implementers.

Document History

August 1, 2008
OPERATIONS, ADMINISTRATION, MAINTENANCE, AND PROVISIONING SECURITY REQUIREMENTS FOR THE PUBLIC TELECOMMUNICATIONS NETWORK: A BASELINE OF SECURITY REQUIREMENTS FOR THE MANAGEMENT PLANE
This standard contains a set of baseline security requirements for the management plane. The requirements outlined in this standard allow equipment/system suppliers, government departments and...
August 1, 2008
OPERATIONS, ADMINISTRATION, MAINTENANCE, AND PROVISIONING SECURITY REQUIREMENTS FOR THE PUBLIC TELECOMMUNICATIONS NETWORK: A BASELINE OF SECURITY REQUIREMENTS FOR THE MANAGEMENT PLANE
Scope, Purpose, and Application In some telecommunications networks, management traffic is often transmitted on a separate network from that carrying the service provider's end-user traffic. In...
August 1, 2008
Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane
Scope, Purpose, and Application In some telecommunications networks, management traffic is often transmitted on a separate network from that carrying the service provider's end-user traffic. In...
0300276
August 1, 2008
Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane
Scope, Purpose, and Application In some telecommunications networks, management traffic is often transmitted on a separate network from that carrying the service provider's end-user traffic. In...
August 1, 2005
Operations, Administration, Maintence, and Provisioning Security Requirements for the Public Telecommunications Network: a Baseline of Security Requirements for the Management Plane, to Add Requirements to Support Packet Filtering for the Prevention of Unwanted Traffic
A description is not available for this item.
July 1, 2003
Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane, to add requirements to support packet filtering for the prevention of unwanted traffic
A description is not available for this item.
July 1, 2003
Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane
A description is not available for this item.

References

Advertisement