ATIS - 0300276
Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane
Organization: ATIS
Publication Date: 1 August 2008
Status: inactive
Page Count: 62
Scope, Purpose, and Application
In some telecommunications networks, management traffic is often transmitted on a separate network from that carrying the service provider's end-user traffic. In these networks, security threats to the management plane are completely isolated from any malicious activity on the end-user plane. The management plane is relatively easy to secure because access to this plane is restricted to known administrators, and traffic is restricted to known management activities. However, in some cases management traffic is combined on a single network with the service provider's end-user traffic. Combining traffic in this manner minimizes costs by requiring only a single integrated network infrastructure; however, many new security challenges are introduced. Threats in the end-user plane now become threats to the management and control planes. The management plane now becomes accessible to the multitude of end-users, and many types of malicious activities become possible. The purpose of this standard is to recommend minimum baseline security mechanisms to help mitigate security risks in the management of telecommunications networks.
To provide a complete end-to-end solution, all security measures (e.g., access control, authentication) should be applied to each type of network activity (i.e., management plane activity, control plane activity, and end user plane activity) for the network infrastructure, network services, and network applications. This standard focuses specifically on the security aspect of the management plane for network elements (NE) and management systems (MS), which are part of the network infrastructure. As such, the standard addresses only one aspect of an overall end-to-end security solution, but may be used as a starting point for subsequent standards addressing the security of "control" and "end user" planes, as appropriate.
The requirements in this standard are applicable to NEs and MSs to be deployed in the future. For NEs in the network that do not meet all the mandatory security requirements, the overall security requirements at the network architecture design should be supported. This standard addresses security for NE, MS, and element management system (EMS) equipment, and does not specifically address security for other equipment such as customer premise equipment (e.g., voice over Internet Protocol [IP] telephones) or independent test gear. For such other equipment, all mandatory requirements in this standard should be considered objective recommendations.
This standard has been used by the International Telecommunication Union - Telecommunications Sector (ITU-T) as the base to develop the M.3016.x series of Recommendations. ITU-T Recommendations M.3016.1, M.3016.2 and M.3016.3 specify the requirements, services, and mechanisms for the appropriate security of the management functions necessary to support the telecommunications infrastructure. Because different administrations and organizations require varying levels of security support, ITU-T Recs. M.3016.1, M.3016.2 and M.3016.3 do not specify whether a requirement/service/