Security Management of Next Generation Telecommunications Networks and Services - Stuart Jacobs - E-Book


Stuart Jacobs

Description

This book will cover network management security issues and currently available security mechanisms by discussing how network architectures have evolved into the contemporary NGNs which support converged services (voice, video, TV, interactive information exchange, and classic data communications). It will also analyze existing security standards and their applicability to securing network management. This book will review 21st century security concepts of authentication, authorization, confidentiality, integrity, nonrepudiation, vulnerabilities, threats, risks, and effective approaches to encryption and associated credentials management/control. The book will highlight deficiencies in existing protocols used for management and the transport of management information.


Page count: 496

Publication year: 2013




CONTENTS

PREFACE

ORGANIZATION

ABOUT THE AUTHOR

ACKNOWLEDGMENTS

1 INTRODUCTION

1.1 EVOLUTION OF NETWORKING CONCEPTS

1.2 A NETWORK SECURITY HISTORICAL PERSPECTIVE

1.3 NETWORK AND SECURITY MANAGEMENT SYSTEMS

1.4 EVOLUTION OF NETWORK AND SECURITY MANAGEMENT CONCEPTS

1.5 HOW THE NEED FOR INFORMATION SECURITY HAS CHANGED

1.6 SUMMARY

FURTHER READING AND RESOURCES

2 OVERVIEW OF CURRENT AND FUTURE NETWORKS

2.1 A LITTLE NETWORK HISTORY

2.2 COMMON NETWORK ORGANIZATIONS

2.3 NEXT-GENERATION NETWORKS AND INTERFACES

2.4 SUMMARY

FURTHER READING AND RESOURCES

3 SECURITY MANAGEMENT IN CURRENT AND FUTURE NETWORKS

3.1 CYBERCRIME AS A DRIVER FOR INFORMATION SECURITY MANAGEMENT

3.2 GOVERNANCE AS A DRIVER FOR INFORMATION SECURITY MANAGEMENT

3.3 INFORMATION SECURITY MANAGEMENT FRAMEWORKS

3.4 A HOLISTIC APPROACH FOR SECURITY MANAGEMENT

3.5 SUMMARY

FURTHER READING AND RESOURCES

4 RISK MANAGEMENT IN CURRENT AND FUTURE NETWORKS

4.1 ASSET IDENTIFICATION: DEFINITION AND INVENTORYING

4.2 IMPACT ANALYSIS

4.3 RISK MITIGATION CONTROLS ACQUISITION OR DEVELOPMENT

4.4 RISK MITIGATION CONTROLS DEPLOYMENT TESTING

4.5 SUMMARY

FURTHER READING AND RESOURCES

5 OPERATIONAL MANAGEMENT OF SECURITY

5.1 SECURING MANAGEMENT APPLICATIONS AND COMMUNICATIONS

5.2 SECURITY OPERATIONS AND MAINTENANCE

5.3 WITHDRAWAL FROM SERVICE

5.4 SUMMARY

5.5 CONCLUDING REMARKS

FURTHER READING AND RESOURCES

APPENDICES

APPENDIX G: SECURITY MAPPING BETWEEN M.3400 AND M.3050

APPENDIX H: STATE PRIVACY LAWS AS OF 2010

APPENDIX K: EXAMPLE SECURITY STATEMENT OF WORK

I GENERAL

II PURCHASER WINDOWS OPERATING SYSTEM HARDENING REQUIREMENTS

III PURCHASER IPSEC USAGE REQUIREMENTS

IV LIST OF ATTACHMENTS

APPENDIX L: EXAMPLE SOLARIS OPERATING SYSTEM AUDIT PROCEDURES

APPENDIX M: EXAMPLE PROCEDURE FOR BASIC HARDENING OF A WINDOWS XP PROFESSIONAL OPERATING SYSTEM

APPENDIX N: EXAMPLE NETWORK AUDIT PROCEDURE

N.1 INTRODUCTION

N.2 AUDIT CHECKLIST FOR EXTERNAL NETWORK SECURITY

APPENDIX O: EXAMPLE UNIX–LINUX OPERATING SYSTEM AUDIT PROCEDURES

INDEX

Copyright © 2014 by The Institute of Electrical and Electronics Engineers, Inc.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey. All rights reserved

Published simultaneously in Canada

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging-in-Publication Data:

Jacobs, Stuart.
Security management of next generation telecommunications networks and services / Stuart Jacobs.
pages cm
ISBN 978-0-470-56513-1 (hardback)
1. Computer networks–Security measures. I. Title.
TK5105.59.J329 2013
005.8–dc23

2013011611

This book is dedicated to my wife, Eileen, for her patience with my spending so much time at the keyboard rather than with her.

PREFACE

This book focuses on the management of information security in next generation networks from the viewpoint of a telecommunications service provider, commercial enterprise or any other type of networked organization as a governance issue that needs to follow the “Plan, Do, Check and Act” approach promulgated by W. Edwards Deming and captured in ISO Standard 27001 as it applies to the management of security. Following a review of the evolution of standardized network management concepts and how networking concepts and context have grown in complexity over the last 20 years, the need for security governance is discussed. Under governance, not only are current management frameworks considered, the need for well-organized information security policies, security organizational structures, approaches for establishing security procedures, and development of security requirements are discussed. Risk management, a core component of information security governance, is then covered starting with asset inventory capture and categorization through vulnerability identification, threat determination, risk mitigation, and prioritization of mitigation plans. The subject of operations security (OPSEC) is then dealt with as OPSEC is where the Deming “Act” and “Check” aspects are most fully realized. The security governance concepts presented herein are equally applicable to both legacy and next generation network environments. A significant number of appendices useful to industry professionals and students are included, which provide examples of information security policies, detailed security requirements derivation, request for proposal security material, evaluation of proposal security submissions, security statements of work for contracts, and operations security procedures for auditing and platform hardening. 
Three appendices provide overviews covering the role of cryptography in information security, authentication of subjects, network security mechanisms, and securing network protocols.

ORGANIZATION

Chapter 1 discusses:

How the very concept of networking has evolved over time;

The evolution of network security concepts from a standards perspective;

Network and security management systems;

The evolution of network and security management concepts; and

How the management of information security needs have changed over time.

Chapter 2 discusses:

How modern networks have evolved over time;

Common network organizations including wired, wireless, metropolitan area, wide area, Supervisory Control and Data Acquisition (SCADA), sensor networks, and clouds;

Next Generation Network framework and architecture concepts; and

The evolving Internet Protocol (IP) Multimedia Subsystem organization of services.

Chapter 3 discusses:

How cybercrime has become a significant information security driver;

The evolution of Information Security Governance into a core organizational management component;

The primary Information Security management frameworks and the relative advantages/disadvantages to each framework; and

A holistic information security management approach leveraging the strengths of existing frameworks.

Chapter 4 discusses:

Asset identification and developing an inventory of organizational assets;

Analyzing the impact when organizational assets are damaged, lost, or made unavailable due to accidental or malicious human activities;

Procedural risk mitigation controls;

Technical risk mitigation controls acquisition or development; and

Risk mitigation controls deployment testing.

Chapter 5 discusses:

Security within Element and Network Management Systems;

Telecommunications Management Network Security;

Operations Support Systems Security Needs;

A Security Management Framework as defined by ITU-T Recommendation M.3410;

Operational Security Compliance Programs;

Security Operations Reviews and Audits;

Security Event Response and Incident Management;

Penetration Testing;

Common Criteria Evaluated Systems;

Accreditation and Certification; and

Withdrawal from service.

Also included are a variety of appendices as follows:

Appendix A

provides a synopsis of basic cryptography concepts, explores major aspects of crypto-analysis and key management, and describes the primary approaches for cryptographically based authentication.

Appendix B

describes the Kerberos authentication system, public key management via Public Key Infrastructures (PKI), reviews issues associated with human authentication, and describes the capabilities of RADIUS-, LDAP- and Diameter-based authentication.

Appendix C

reviews the Data Link Layer Security Mechanisms (IEEE 802.1Q, IEEE 802.1X, IEEE 802.11i), the IP Security (IPsec) inter-networking security mechanism, network authorization and access control mechanisms (Firewalls, Application-level Gateways, and IPS/IDS), Transport protocol security mechanisms (TLS, DTLS, SSL, and Secure Shell), Application Security Mechanisms, Web application Security Mechanisms (XML, SOA, SOAP, and SAML), and Anti-Malware Applications, Host-based Firewalls, Modification Scanners, and Host-based IPS/IDS.

Appendix D

provides an example Organization security policy document based on the ISO/IEC 27002 standard that can serve as a starting point for developing customized policy documents.

Appendix E

provides an example decomposition of the example security policy document in Appendix D into detailed enterprise security functional requirements that can serve as a starting point for developing customized policy documents.

Appendix F

provides an overview of commonly used networking protocols in the data link, inter-networking, transport, and application layers along with known attacks that leverage vulnerabilities within different protocols.

Appendix G

provides a comparison of security functionality covered by ITU-T Recommendations M.3400 and M.3050.

Appendix H

lists the state level personally identifiable information privacy—breach notification laws enacted within the United States as of 2010.

Appendix I

provides an example set of detailed information security-related functional requirements that can be used in Requests for Proposals (RFPs).

Appendix J

provides an example Microsoft Excel spreadsheet that can be used for evaluating supplier proposals based on the requirements found in Appendix I.

Appendix K

provides an example Security Statement of Work that can be used in contract negotiations.

Appendix L

provides an example set of Solaris Operating System security audit procedures.

Appendix M

provides an example set of Microsoft XP Operating System security hardening procedures.

Appendix N

provides an example set of network security audit procedures.

Appendix O

provides an example set of generic Unix Operating System security audit procedures.

TARGET AUDIENCE

The major audiences for this book are:

Graduate students studying Computer/Information Sciences/Engineering, Systems Engineering, and Technology/Business Management, and

Professionals in the telecommunications field who rely on reliable and trustworthy information processing and communications systems and infrastructures.

ABOUT THE AUTHOR

Stuart Jacobs holds the position of Lecturer on the faculty in the Boston University Metropolitan College Computer Science (MET CS) department. Stuart’s responsibilities include teaching graduate courses on “Enterprise Information Security,” “Network Security,” and “Network Forensics” along with serving as the MET CS department security curriculum coordinator with responsibility for all MET CS security courses.

Stuart has served as an Industry Security Subject Matter Expert for the Alliance for the Telecommunications Industry Solutions (ATIS) and has served as the Technical Editor of the ATIS Technical Report “Information & Communications Security for NGN Converged Services IP Networks and Infrastructure” and as the Technical Editor of ITU-T M.3410, “Guidelines and Requirements for Security Management Systems.”

Stuart retired from Verizon Corporation in 2007 where he was a Principal Member of the Technical Staff with responsibility for security architecture development, security requirements analysis, and standards development activities. As Verizon’s lead security architect, Stuart was the lead engineer for security on numerous Verizon network equipment RFPs and provided security consulting on wireless and wired networks, SS7, CALEA/LI, vulnerability analysis, intrusion detection, and systems engineering methodologies. Additionally, Stuart served as Verizon’s security subject matter expert for ANSI-ATIS, ITU-T, TMF, OIF, MSF, OMG, and IETF activities. In addition to his other duties, Stuart has also pursued applied research in network design and security, in particular wireless networks, public key infrastructures, network authentication schemes, distributed computing security mechanisms (including autonomous agent systems, authentication mechanisms for Mobile IP, Mobile Ad-Hoc Self Organizing Networks, and Intelligent Agents) for government and commercial organizations and agencies.

Stuart holds an MSc. degree and CISSP certification; he is completing a Ph.D. degree in Information Systems with a concentration in security and is a member of the:

Institute of Electrical and Electronics Engineers (IEEE),

IEEE Computer Society,

Association for Computing Machinery (ACM), Senior Member,

International Information Systems Security Certification Consortium (ISC)², and

Information Systems Security Association (ISSA), Senior Member.

ACKNOWLEDGMENTS

I would like to thank Thomas Plevyak for encouraging me to write this book; Thomas Plevyak and Veli Sahin, the IEEE Press Network Management Series Editors, for all their constructive comments and suggestions; the anonymous reviewers for their comments and advice; my former Verizon co-workers; and members of the New England chapter of the ISSA.

1 INTRODUCTION

At the very outset of this book, questions worth asking are:

What is the author referring to by the word “security?”

What is the author referring to by the words “security management?”

What are next-generation networks and services?

Security is a word whose meaning seems to change depending on the context in which it is used and on the “mindset” or background of the individual. Some people think security is solely about chain-link fences, security guards, burglar alarms/video cameras, etc. Other people think security is about the use of encryption, login passwords, firewalls, etc. Then there are those who believe security is only an issue for military/intelligence-type organizations and of no importance, or a hindrance, to commercial and other enterprises. Even security specialists do not agree on terms, as in this exchange allegedly overheard at a meeting of security people (Kaufman et al., 2002):

Speaker:

Isn’t it terrifying that on the Internet we have no privacy?

Heckler 1:

You mean confidentiality. Get your terms straight.

Heckler 2:

Why do security types insist on inventing their own language?

Heckler 3:

It’s a denial of service attack.

The aforementioned simply exemplifies how words become confused, misused, or ambiguous, when talking about security.

This problem only grows when the phrase “security management” appears. Does security management refer to:

the management of technology related to security?

the management of security activities?

security for information processing management activities?

security of organizational management activity? or

all of the above?

Again it depends on the individual as to which of the aforementioned is germane.

Then there is the term “Next-Generation Network,” usually abbreviated as NGN. What is an NGN? What technologies are used by an NGN? How does an NGN differ from today’s Internet Protocol (IP)-based networks and the existing Public Switched Telephone Networks (PSTNs)? A wide range of subjects needs to be considered to answer these questions, and they should be addressed in an order that builds upon a number of foundation concepts.

The goal of this book is to provide an answer to these questions.

This chapter discusses:

How the very concept of networking has evolved over time;

The evolution of network security concepts from a standards perspective;

Network and security management systems;

The evolution of network and security management concepts;

How the management of information security needs have changed over time.

Chapter 2 discusses:

How modern networks have evolved over time;

Common network organizations including: wired, wireless, metropolitan area, wide area, Supervisory Control and Data Acquisition (SCADA), sensor networks, and clouds;

Next-Generation Network framework and architecture concepts;

The evolving IP Multimedia Subsystem (IMS) organization of services.

Chapter 3 discusses:

How cybercrime has become a significant information security driver;

The evolution of information security governance into a core organizational management component;

The primary information security management frameworks and the relative advantages/disadvantages to each framework;

A holistic information security management approach leveraging the strengths of existing frameworks.

Chapter 4 discusses:

Asset identification and developing an inventory of organizational assets;

Analyzing the impact when organizational assets are damaged, lost, or made unavailable due to accidental or malicious human activities;

Procedural risk mitigation controls;

Technical risk mitigation controls acquisition or development;

Risk mitigation controls deployment testing.

Chapter 5 discusses:

Security within Element and Network Management Systems (EMS/NMS);

Telecommunications Management Network (TMN) Security;

Operations Support Systems (OSSs) Security Needs;

A Security Management Framework as defined by ITU-T Recommendation M.3410;

Operational Security Compliance Programs;

Security Operations Reviews and Audits;

Security Event Response and Incident Management;

Penetration Testing;

Common Criteria Evaluated Systems;

Accreditation and Certification;

Withdrawal from service.

Also included are a wide variety of appendices, as follows:

Appendix A: Provides a synopsis of basic cryptography concepts; explores major aspects of crypto-analysis and key management; and describes the primary approaches for cryptographically based authentication.

Appendix B: Describes the Kerberos and Public Key Infrastructure (PKI) authentication systems; reviews issues associated with human authentication; and describes the capabilities of RADIUS-, LDAP-, and Diameter-based authentication.

Appendix C: Covers the Data Link Layer Security Mechanisms IEEE 802.1Q, IEEE 802.1X, and IEEE 802.11i; the IP Security (IPsec) inter-networking security mechanism; network authorization and access control mechanisms (firewalls, application-level gateways, and IPS/IDS); transport protocol security mechanisms (TLS, DTLS, SSL, and Secure Shell (SSH)); application security mechanisms; web application security mechanisms (XML, SOA, SOAP, and SAML); and anti-malware applications for malware and spyware scanning, host-based firewalls, modification scanners, and host-based IPS/IDS.

Appendix D: An example organization security policy document based on the ISO/IEC 27002 standard that can serve as a starting point for developing customized policy documents.

Appendix E: An example decomposition of the example security policy document in Appendix D into detailed enterprise security functional requirements that can serve as a starting point for developing customized policy documents.

Appendix F: An overview of commonly used networking protocols in the data link, internetworking, transport, and application layers along with known attacks that leverage vulnerabilities within different protocols.

Appendix G: A comparison of security functionality covered by ITU-T Recommendations M.3400 and M.3050.

Appendix H: The state-level personally identifiable information privacy/breach notification laws enacted within the United States as of 2010.

Appendix I: An example set of detailed information security related functional requirements that can be used in Requests for Proposals (RFPs).

Appendix J: An example Microsoft Excel spreadsheet that can be used for evaluating supplier proposals based on the requirements found in Appendix I.

Appendix K: An example Security Statement of Work (SOW) that can be used in contract negotiations.

Appendix L: An example set of Solaris Operating System security audit procedures.

Appendix M: An example set of Microsoft XP Operating System security hardening procedures.

Appendix N: An example set of network security audit procedures.

Appendix O: An example set of generic Unix Operating System security audit procedures.

1.1 EVOLUTION OF NETWORKING CONCEPTS

Through the 1960s and 1970s, there were two approaches to networking:

the Public Switched Telephone Network (PSTN), commonly referred to as telephony, and

computer/data communications networks.

Each approach evolved independently of the other and represented very different views regarding how devices should communicate and who should control the technology.

1.1.1 The Public Switched Telephone Network

The Public Switched Telephone Network (PSTN) was a government-sanctioned and regulated monopoly of “telephone companies,” with about 65% owned and operated by AT&T, about 30% owned and operated by GTE, and the remaining 5% by some 20 very small independent owners/operators. As AT&T was the largest PSTN operator, its Bell Laboratories was the driving force for the development of most PSTN technologies (especially network interfaces and protocols), since the other, much smaller operators all had to interconnect with AT&T’s infrastructure. Only following the Federal Communications Commission’s 1968 “Carterfone” decision (13 F.C.C.2d 420), which permitted the attachment of customer-provided equipment, were devices not supplied by the telephone company allowed to be interconnected to telephone networks. Even after the “Carterfone” decision, up through the 1990s, PSTN technology evolution was primarily controlled by PSTN operating companies and their equipment suppliers. Starting in the 1990s, Standards Development Organizations (SDOs) and industry forums began to have a major impact on PSTN technology. The major SDOs and forums impacting PSTN technology development have been the:

International Telecommunication Union Telecommunication Standardization Sector (ITU-T), whose predecessor was the International Telegraph and Telephone Consultative Committee (CCITT);

Telecommunications Industry Association (TIA);

Alliance for Telecommunications Industry Solutions (ATIS);

European Telecommunications Standards Institute (ETSI);

International Organization for Standardization (ISO); and

3rd Generation Partnership Project (3GPP).

Presently, these and numerous other organizations have assumed a significant role in defining how telephony-related technology should evolve.

1.1.2 Computer/Data Communications Networks

Computer/data communications network technology through the 1960s and 1970s was predominantly controlled by computer manufacturers, who developed network capabilities specifically to support their proprietary product lines. During this era, IBM represented over 70% of all computers sold; consequently, other computer manufacturers routinely provided some degree of interoperability with IBM’s networking technology. Virtually all of these proprietary computer networking capabilities were based on bit-synchronous link protocols and used an end-to-end connection approach between end computer systems. Each computer manufacturer developed its unique networking capabilities according to a proprietary network architecture that was not subject to external review or approval. In the 1980s, work on the concept of connectionless packet networking, independent of any single computer manufacturer, started to mature following the 1981 publication of Requests for Comments (RFCs) 791, 792, and 793 (defining IPv4, ICMP, and TCP), developed under U.S. Defense Advanced Research Projects Agency (DARPA) sponsorship. These are the foundation protocols of the modern Internet suite of protocols and defined basic packet internetworking and end-to-end transport capabilities for generalized connectionless networking. By the early 1990s, IPv4 and TCP had become de facto standards for computer-to-computer communications, with responsibility for these, and many other protocols, under the control of the Internet Engineering Task Force (IETF). Virtually all computers now include native Internet Protocol (IP) and Transmission Control Protocol (TCP) communications capabilities. It must be noted that IETF protocol development does not follow any formalized network architecture beyond relying on the use of IP, TCP, and the User Datagram Protocol (UDP).

1.1.3 Network Architectures

The first approach to developing a non-proprietary network architecture resulted in the publication by ISO of ISO/IEC 7498-1 in 1984, known as the Open Systems Interconnection (OSI) reference model. It was quickly followed by three other standards, ISO/IEC 7498-2, ISO/IEC 7498-3, and ISO/IEC 7498-4. The major contributions of these standards have been:

Formal introduction of protocol layering, in which end-to-end protocols operate on top of protocols that provide interconnection/forwarding capabilities, which in turn operate on top of protocols that provide basic communications link functions;

The concept that a protocol should only utilize information about another protocol (either above it or below it) that is available via a well-defined interface, thereby allowing the internal structure or operation of a protocol to be changed without negatively impacting other protocols; and

Recognition that more than just protocols are necessary for a network architecture, namely, it:

provided formalized descriptions of protocol concepts for multiple protocol layers (ISO/IEC 7498–1);

introduced a standardized approach for the consideration of communications security capabilities (ISO/IEC 7498–2);

recognized the need for standardized naming, addressing, and directory capabilities (ISO/IEC 7498–3); and

presented a framework and basic concepts for the management of communications components, features, and services (ISO/IEC 7498–4).

Although the seven protocol layers and specific protocols specified within these ISO standards have not been widely adopted, the general concepts from:

ISO/IEC 7498–1 (aka ITU-T X.200) of protocol layering and well-defined interprotocol interfaces are widely accepted;

ISO/IEC 7498–2 (aka ITU-T X.800) for communications security services, security mechanisms, and the management of security mechanisms are considered the de jure definitions for security; and

ISO/IEC 7498–4 (aka ITU-T X.700) for the management of communications devices, in the form of Fault, Configuration, Accounting, Performance, and Security Management (the “FCAPS” of management), are considered the de jure areas that network management focuses upon.

Figure 1.1 highlights the relationship between the protocol layers of the OSI model and those of the Internet suite of protocols. Some consider Internet suite application protocols to constitute layer 5 protocols.

Figure 1.1. OSI Model and Internet Suite Protocol Layers.
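The layering principle from Section 1.1.3 (a protocol uses only what the adjacent layer exposes through a well-defined interface) is easiest to see in code that walks a frame up the stack. The following is an added example, not code from the book: each layer's parser reads only its own header, performs the integrity check that belongs to that layer (here the RFC 791 IPv4 header checksum), and hands the remaining bytes plus the next-protocol identifier to the layer above. It also shows one case of protocol stacking inside layer 2, an IEEE 802.1Q VLAN tag, since that is invisible to the IPv4 parser. The frame bytes, addresses (documentation ranges) and function names are all constructed for this example.

```python
"""Layered parsing of a constructed 802.1Q-tagged Ethernet / IPv4 / TCP frame.

Added example (not code from the book). Each layer's parser consumes only its
own header and hands the remaining bytes to the layer above; the sample frame
and all names here are constructed for illustration.
"""
import struct
from dataclasses import dataclass
from typing import List

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100   # IEEE 802.1Q tag protocol identifier
IPPROTO_TCP = 6


@dataclass
class Layer:
    name: str
    fields: dict
    payload: bytes         # what this layer hands up to the next one


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum. Over a header whose checksum field is
    already filled in, the result is 0 when the header is consistent."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ethernet(frame: bytes) -> Layer:
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    offset, vlan = 14, None
    if ethertype == ETHERTYPE_VLAN:
        # 802.1Q stacks a tag inside layer 2, between the source MAC and the real
        # EtherType; layer 3 never sees it, which is the point of the interface.
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    return Layer("ethernet", {"dst": dst.hex(":"), "src": src.hex(":"),
                              "vlan": vlan, "ethertype": ethertype}, frame[offset:])


def parse_ipv4(packet: bytes) -> Layer:
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (vihl, _tos, total_len, _ident, _ff, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = vihl >> 4, (vihl & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > len(packet) or total_len > len(packet):
        raise ValueError("malformed IPv4 header")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    # total_len bounds the payload: bytes beyond it are link-layer padding, not IP data.
    return Layer("ipv4", {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
                          "ttl": ttl, "proto": proto}, packet[ihl:total_len])


def parse_tcp(segment: bytes) -> Layer:
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, _ack, off, flags, _win, _csum, _urg = struct.unpack("!HHIIBBHHH", segment[:20])
    data_offset = (off >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("malformed TCP data offset")
    # The TCP checksum covers an IPv4 pseudo-header too, so it is not verified here.
    return Layer("tcp", {"sport": sport, "dport": dport, "seq": seq, "flags": flags},
                 segment[data_offset:])


def parse_frame(frame: bytes) -> List[Layer]:
    """Walk up the stack: each layer's next-protocol field selects the next parser."""
    layers = [parse_ethernet(frame)]
    if layers[-1].fields["ethertype"] == ETHERTYPE_IPV4:
        layers.append(parse_ipv4(layers[-1].payload))
        if layers[-1].fields["proto"] == IPPROTO_TCP:
            layers.append(parse_tcp(layers[-1].payload))
    return layers


def build_sample_frame(corrupt_ttl: bool = False) -> bytes:
    """Constructed sample: VLAN 100, 192.0.2.10:40000 -> 198.51.100.5:443, PSH/ACK, 16-byte payload."""
    payload = b"GET / HTTP/1.1\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64,
                               IPPROTO_TCP, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5])))
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip)))   # fill in the header checksum
    if corrupt_ttl:
        ip[8] = 63   # one byte changed after the checksum was computed; layer 3 must reject it
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") \
        + struct.pack("!HHH", ETHERTYPE_VLAN, 100, ETHERTYPE_IPV4)
    return eth + bytes(ip) + tcp


def checksum_rejects_corruption() -> bool:
    """True if the corrupted frame is refused at layer 3 rather than handed up to TCP."""
    try:
        parse_frame(build_sample_frame(corrupt_ttl=True))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for layer in parse_frame(build_sample_frame()):
        print(layer.name, layer.fields, len(layer.payload), "payload bytes")
    print("corrupted frame rejected:", checksum_rejects_corruption())
```

Each parser returns a `Layer` whose `payload` is the only thing the next parser receives, so replacing the Ethernet parser with one for another link type (or inserting a further layer-2 encapsulation) leaves the IPv4 and TCP parsers untouched. The checksum check is deliberately placed at layer 3: the layers above it never see a frame whose IPv4 header is inconsistent.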

1.1.4 Data Network Complexity

Since the aforementioned ISO standards were published, the complexity of deployed networks has grown vastly. Chapter 2 will explore this increasing complexity in more detail. Up through the 1980s, computer-oriented networks were primarily single facility/location oriented, with computers either directly interconnected or connected to a local area network (LAN) that may have included a number of segments interconnected by bridging devices (e.g., Ethernet layer 2 bridges). Interfacility/location interconnection of computers or LANs relied on modems and dial-up lines/services to attach the local network to the PSTN, or on a channel service unit attached to a PSTN-operator-supplied leased line.

A “sea change” occurred in computer data networking with the concept of a router, which was under development through the 1970s and 1980s based on the use of minicomputers. In that time frame, these minicomputer router capabilities were primarily limited to academic, government, and industrial research networks, given their expense and complexity. In the late 1980s, stand-alone multi-protocol connectionless routers became commercially available. These routing devices radically altered how computer networks were structured. From the late 1980s up to the present, router-based networks frequently utilize multiple routers to structure facility/location networks into logically separate subnets and to tie multiple facility/location networks into enterprise networks that span geographic regions. High-capacity versions of these routers have been instrumental to the evolution and growth of the Internet, which is really the router-based interconnection of a number of very large corporate or other enterprise-operated router networks. Figure 1.2 depicts the concept of a number of core (backbone) networks operated by “Tier 1” Internet Service Providers (ISPs) such as AT&T, Verizon Business (formerly MCI), Qwest, Sprint, Level 3 Communications (L3), NTT Communications (NTTC), and Global Crossing (GBLX), together with an example set of commercial/residential access ISPs (the names “alpha,” “bravo,” “delta,” “echo,” “tango,” and “zulu” are used rather than actual company names for these example access ISPs). The term wide area network (WAN) represents Tier 1 ISP-routed networks that span wide geographic regions, and the term “IP Metro Network” represents access ISP-routed networks that span metropolitan-size geographic areas. As shown in Figure 1.2, the “Internet” is not a single network but many interconnected networks used to interconnect millions of other networks and computers.

Another area of complexity not considered by the ISO standards is at layer 2 of the OSI model. At the time when the ISO standards were published, the OSI layer 2 for local networks was considered to be a simple ability to interconnect two devices in either:

a point-to-point manner (also called direct connection) as shown in Figure 1.3;

a multi-drop manner where a number of devices are interconnected to a common physical medium such as with the early versions of Ethernet (i.e., 10base5 “thick-wire” and 10base2 “thin-wire” coaxial cabled Ethernet) as shown in Figure 1.4; or

a “star” manner where a number of devices are interconnected to a common device such as with hubbed or switched versions of Ethernet (i.e., 10baseT over twisted-pair cabling) as shown in Figure 1.5.

Figure 1.2. The Internet Concept of Core and Access ISP Networks.

Interconnection of LANs was expected to rely on some form of intermediate packet switching network, such as a commercially available X.25 network. During the 1990s timeframe, significant layer 2 technological developments resulted in the availability of Synchronous Optical Network (SONET) and Asynchronous Transfer Mode (ATM) layer 2 networking along with continued use of X.25 and its commercial successor Frame Relay networking. These developments resulted in interfacility interconnection of facility/location LANs often using two or three protocols below the layer 3 protocol (routinely IPv4). For example, an organization interconnecting routed subnets at three locations would configure their routers to use SONET links over which ATM would be used to transport Ethernet frames that carried IP packets. Figure 1.6 depicts various arrangements for layering protocols within layer 2.

Figure 1.3. Direct Interconnection of Computers.

Figure 1.4. Multi-drop Interconnection of Computers.

Figure 1.5. “Star” Interconnection of Computers.

Figure 1.6. Current Complexity of Protocols in Layer 2.

In Figure 1.6:

PON represents Passive Optical Networking

MPLS represents Multi-protocol Label Switching

xDSL represents various forms of Digital Subscriber Line technologies

FR represents Frame Relay

Serial represents asynchronous dial-up PSTN access

802.3 represents Ethernet

802.11 represents Wireless Ethernet (aka “WiFi”)

PPP represents Point-to-Point Protocol

PPPoE represents Point-to-Point Protocol over Ethernet.

What needs to be pointed out is that:

SONET technology is not a simple direct-connect, multi-drop, or star technology but actually provides the ability to interconnect many devices in what are called rings and even interconnect these rings into more complex organizations as shown in Figure 1.7; and

ATM technology is also not a simple direct-connect, multi-drop, or star technology but actually provides the ability to interconnect many devices in a meshed manner, with multiple links exiting/entering each ATM switch allowing the construction of complex ATM interconnections as shown in Figure 1.8.

Figure 1.7. Example SONET Rings.

Figure 1.8. Example ATM Network.

ATM switches are routinely interconnected over SONET infrastructures, thus resulting in a complex organization of interconnected devices layered on top of another complex organization of interconnected devices.

As can be seen from the preceding discussion, the standards describing network architectures have not kept pace with the various technologies deployed and the corresponding complexity of modern networks. For this reason, we start our discussion by considering how security, and its management, has been viewed from a standards perspective. We will also discuss some of the typical security technologies deployed in today’s network infrastructures.16

1.2 A NETWORK SECURITY HISTORICAL PERSPECTIVE

To properly discuss what security management focuses on, it is helpful to understand where the very concept of network management began and how the issue of managing security has evolved over the decades. The first effort to formalize network management concepts resulted in the development and publication of ISO/IEC 7498–4. Prior to the publication of ISO/IEC 7498–1, network management (and security) was a proprietary capability of both PSTN and computer manufacturer products and services. However, during the 1980s, many in telecommunications-related industries began to recognize that network management activities could be grouped into the five areas of:

Fault management;

Configuration management;

Accounting management;

Performance management; and

Security management.

As organized in ISO/IEC 7498–4, these areas are typically referred to collectively as FCAPS (an acronym based on the first letter of each area). The subject of security management was further expanded upon in ISO/IEC 7498–2. When ISO published ISO/IEC 7498–4, the subject of security management was limited to simply noting that security management exists to support the application of security policies by functions concerned with:

creation, deletion, and control of security services and mechanisms;

distribution of security-relevant information; and

reporting of security-relevant events,

and then directs the reader back to ISO/IEC 7498–2 for additional information on management functions within the ISO security architecture. Therefore, to understand the roots of security management concepts, we need to further examine ISO/IEC 7498–1 and ISO/IEC 7498–2.

The aforementioned ISO standards ISO/IEC 7498–1, ISO/IEC 7498–2, and ISO/IEC 7498–4 have served as cornerstone documents and were even adopted directly by the ITU-T as ITU-T X.200 (ISO/IEC 7498–1), ITU-T X.800 (ISO/IEC 7498–2), and ITU-T X.700 (ISO/IEC 7498–4). It is worth taking a look at these documents.

1.2.1 ISO/IEC 7498–1 (ITU-T X.200) Coverage of Management

ISO/IEC 7498–1 (X.200) focuses on the formal architecture of networks and the control of network components/devices (assets); however, only about 2 pages, out of some 60 plus pages, are devoted to the management of network assets. This document defines a number of concepts, specifically:

1. application management functions are concerned with managing application processes, and application management software provides application management functions;
2. systems management functions are concerned with the management of various network resources, and their status across all protocol layers of a network architecture, and system management software provides system management functions; and
3. protocol layer management functions reside within each layer for activities such as activation and error control and are partly performed as a subset of systems management.

ISO/IEC 7498–1 (X.200) then states that only management-related communication between management functions within networked devices is of concern within the network architecture, and that management activities local to specific networked devices are out of scope as the standard only considers network resources involved with data processing and data communication. Application management is discussed as the management of network application processes and includes activities such as:

a. initialization of parameters;
b. initiation, maintenance, and termination of applications;
c. allocation and de-allocation of network resources;
d. detection and prevention of network resource interference;
e. integrity and commitment controls;
f. security controls; and
g. application checkpoint and recovery control.

The activities of application security controls are not further explained or defined within the standard. Systems management is discussed as the management of network resources across all protocol layers, and such activities include:

a. activation/deactivation management, including activation, maintenance, and termination of network resources, program loading functions, control of connections between management entities, and parameter initialization/modification;
b. monitoring, including reporting status, status changes, and statistics; and
c. error control, including error detection, diagnostic functions, reconfiguration, and restart.

The protocols used for systems management are considered application layer protocols. Protocol layer management activities such as activation and error control are considered to occur within each protocol layer, whereas other layer management activities are viewed as part of systems management. ISO/IEC 7498–1’s consideration of management and security subjects is so general as to be almost useless. Five years would pass before network management and security were given any serious consideration with the publication of ISO/IEC 7498–4 (X.700) and ISO/IEC 7498–2 (X.800).

1.2.2 ISO/IEC 7498–4 (ITU-T X.700) Coverage of Security Management

ISO/IEC 7498–4 (ITU-T X.700) devotes a single paragraph to the subject of security management which simply says that this area focuses on:

creation, deletion, and control of security services and mechanisms;

distribution of security-relevant information; and

reporting of security-relevant events.

Nowhere in this document are these concepts further discussed other than to refer the reader to ISO/IEC 7498–2 (X.800).

1.2.3 ISO/IEC 7498–2 (ITU-T X.800) Coverage of Security and Management

For the sake of simplicity, and because the ITU-T published standards tend to be more frequently referenced than the ISO/IEC versions, we will henceforward reference X.200, X.700, and X.800 rather than the ISO/IEC versions.

Although frequently referred to as a “security architecture,” the main value of ITU-T X.800 is the introduction and definition of:

five primary network security services;

a set of specific network security mechanisms;

a number of non-specific (general) device resident security mechanisms; and

a description of management mechanisms for controlling deployed security mechanisms.

ITU-T X.800 is concerned only with those visible aspects of communications that permit networked elements to achieve the secure transfer of information between them. It does not attempt to provide any kind of detailed descriptions or requirements, nor does it provide the means to assess conformance of any implementation to this or any other security standard. Additionally, it does not indicate, in any detail, the additional security mechanisms needed within networked elements to ensure reliable, secure computer operation.

1.2.3.1 X.800 Security Services.

Security services are abstract functional capabilities which can counter security threats. In practice, these services are invoked at appropriate protocol layers and within computing elements, and in different combinations, to satisfy organizational security policies, requirements, and operational rules. Practical realizations of systems may implement particular combinations of the basic security services for direct invocation. Historically, there were considered to be five fundamental security services: Authentication (three variations), Access Control, Confidentiality (four variations), Integrity (five variations), and Non-repudiation (two variations). Standardized definitions of these historical security services were provided in ITU-T X.800-1991 and are presented in Table 1.1.

X.800 then goes on to say that these security services would be instantiated via the deployment of security mechanisms, which are then discussed next as either specific security mechanisms or pervasive security mechanisms.

1.2.3.2 X.800 Specific Security Mechanisms.

The specific security mechanisms X.800 considers appropriate for providing the aforementioned security services, which may be implemented (provided) within individual protocol layers, are presented in Table 1.2.

Appendix A of this book, “Role of Cryptography in Information Security,” provides an overview of cryptographic hash algorithms and both symmetric and asymmetric cryptography along with how this technology may be used to provide:

both Peer-entity and Data-origin authentication;

different forms of confidentiality and integrity; and

non-repudiation via digital signatures.

Appendix B of this book, “Authentication of Subjects,” provides an overview of the different approaches for both cryptographic and non-cryptographic authentication of subjects (both human and machine).

1.2.3.3 X.800 General Security Mechanisms.

ITU-T X.800 also describes a number of non-specific (general or pervasive) security mechanisms that all networked devices should include. These pervasive security mechanisms are expected to be independent of any network services, but rather general capabilities of a network attached device, be it a router, switch, server, workstation, etc. The intent of these mechanisms is to provide a secure execution environment for protocol-related security mechanisms.

TABLE 1.1. X.800 Security Services.

(Columns: Service Group; Specific Service; Service Purpose or Capability.)

Authentication

Peer-entity authentication: A service for confirming the identities of subjects communicating with each other and provides confidence that a subject is not attempting to masquerade as some other subject.

Data-origin authentication: A service for corroborating the source subject from which data are received and does not necessarily provide protection against duplication or modification of data.

User authentication: A service for confirming/validating the identity of a human subject when the subject logs into a computer system and provides confidence that a human subject is not attempting a masquerade as a different human subject.

Access control

Access control: A service that provides protection against unauthorized use or access to communications resources (objects) and may be applied to various types of access to a resource.

Confidentiality

Connection confidentiality: A service that provides for the confidentiality of all data (objects) on a protocol connection being used by two communicating subjects.

Connectionless confidentiality: A service that provides for the confidentiality of all data (objects) transferred by a protocol being used by two communicating subjects over a protocol exchange between the two subjects where the protocol uses a connectionless, or best effort/datagram, exchange method.

Selective field confidentiality: A service that provides for the confidentiality of selected data (objects) transferred by a protocol regardless of whether the protocol operates in a connection-oriented or connectionless manner.

Traffic flow confidentiality: A service that provides for the protection of information which might be derived from observation of the existence of communications activities between two subjects.

Integrity

Connection integrity with recovery: A service that provides the ability to detect the occurrence of unauthorized modification of all data (objects) on a protocol connection being used by two communicating subjects and, should an unauthorized modification be detected, this service includes the ability to effect retransmission of the modified object(s).

Connection integrity without recovery: A service that provides the ability to detect the occurrence of unauthorized modification of all data (objects) on a protocol connection being used by two communicating subjects and does not include the ability to effect retransmission of the modified object(s).

Selective field connection integrity: A service that provides the ability to detect the occurrence of unauthorized modification of selected data (objects) on a protocol connection being used by two communicating subjects and does not include the ability to effect retransmission of the modified object(s).

Connectionless integrity: A service that provides the ability to detect the occurrence of unauthorized modification of all data (objects) on a protocol connection being used by two communicating subjects where the protocol uses a connectionless, or best effort/datagram, exchange method.

Selective field connectionless integrity: A service that provides the ability to detect the occurrence of unauthorized modification of selected data (objects) on a protocol connection being used by two communicating subjects where the protocol uses a connectionless, or best effort/datagram, exchange method.

Non-repudiation

Non-repudiation with proof of origin: A service that provides a receiving subject of data with proof of the origin (sending subject) of data/object. This will protect against any attempt by the sender (sending subject) to falsely deny sending the object or its contents.

Non-repudiation with proof of delivery: A service that provides a sender (sending subject) of data with proof of delivery of object to the receiving subject. This will protect against any subsequent attempt by the recipient to falsely deny receiving the data or its contents.

Unfortunately, ITU-T X.800 does not provide any in-depth discussion or description of these pervasive security mechanisms beyond a general definition of each (Table 1.3).

1.2.3.4 X.800 Security Management Mechanisms.

ITU-T X.800 management of security focuses specifically on managing, controlling, configuring, and monitoring security services and mechanisms within network protocols and securing network management functionality; any consideration of managing general security capabilities within devices is considered out of scope of the document. A key concept introduced in X.800 is that of a “Security Domain” wherein all “subjects” are expected to adhere to a common set of security policy statements (requirements) as specified by a single “authority.” The authority is the organization that controls or is responsible for network services and identifies who may interact with what services and functions via statements within the security policy. As stated in X.800, security management is concerned with the management of communications security services and mechanisms and spans both the configuration of these services and mechanisms and collection of information concerning the operation of these services and mechanisms. Some of the configuration control responsibilities of communications security management include:

TABLE 1.2. X.800 Included Specific Security Mechanisms.

(Columns: Security Mechanism; Mechanism Purpose or Capability.)

Encipherment: Encipherment mechanisms are based on encryption to provide confidentiality of either data or traffic flow information. Applicable encryption algorithms include symmetric (i.e., secret key) encryption and asymmetric (e.g., public key) encryption, and the use of an encryption mechanism implies the use of a key management mechanism.

Digital signatures: Digital signature mechanisms are based on asymmetric encryption and include procedures for signing data and verifying the signature of signed data. The basic characteristic of a digital signature mechanism is that the signature can only be produced using the signer’s private information.

Access control mechanisms: Access control mechanisms rely on some combination of:

authenticated identity of an entity;

information about an entity;

capabilities of an entity;

time of attempted access;

route of attempted access; and

duration of access,

in order to determine if access by the entity will be allowed to a resource.

Data integrity mechanisms: Data integrity mechanisms provide the ability to detect any accidental or intentional modifications. These mechanisms rely on the use of information (a secret key) shared by only the sending and receiving entities involved in an interaction.

Authentication exchange mechanisms: Authentication exchange mechanisms provide the ability to verify a claimed identity. These techniques may use cryptographic mechanisms, characteristics, or possessions of the requesting entity. These mechanisms may be combined with “handshaking” protocols.

Traffic padding mechanisms: Traffic padding can be used to provide some degree of protection against traffic analysis by obscuring the actual size of information being exchanged when used with encryption mechanisms.

Routing control mechanisms: Routing control mechanisms and systems are used to instruct a network service provider (SP) to establish a connection via a specific route so as to bypass known/suspected malicious intermediate systems or to pass through certain sub-networks, relays, or links.

Notarization mechanisms: Notarization mechanisms are used to provide assurance of properties (such as data integrity, origin, time, and destination) about the data communicated between entities via a trusted third-party notary.
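The distinction Table 1.2 draws between a data integrity mechanism (a secret shared by sender and receiver) and a digital signature (producible only with the signer’s private information) is exactly what decides whether non-repudiation with proof of origin (Table 1.1) is achievable. The Go program below is an added example, not code from the book or from X.800; it uses HMAC-SHA256 as the integrity mechanism and Ed25519 as the signature mechanism, and the shared key, key seeds, and messages are constructed samples.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// IntegrityTag implements an X.800-style data integrity mechanism: an HMAC
// over the message keyed with a secret shared by exactly the sender and
// receiver.
func IntegrityTag(sharedKey, message []byte) []byte {
	m := hmac.New(sha256.New, sharedKey)
	m.Write(message)
	return m.Sum(nil)
}

// VerifyIntegrityTag recomputes the tag and compares it in constant time.
// Either holder of sharedKey can make a tag that passes this check.
func VerifyIntegrityTag(sharedKey, message, tag []byte) bool {
	return hmac.Equal(IntegrityTag(sharedKey, message), tag)
}

// NewSigner derives an Ed25519 key pair from a 32-byte seed (deterministic so
// the example is reproducible; real deployments seed from crypto/rand).
func NewSigner(seed []byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv
}

// Sign implements the digital signature mechanism: only the holder of priv
// can produce a signature that verifies under the matching public key.
func Sign(priv ed25519.PrivateKey, message []byte) []byte {
	return ed25519.Sign(priv, message)
}

// VerifySignature is what the receiver, or a third-party notary settling a
// dispute, runs using only the claimed sender's public key.
func VerifySignature(pub ed25519.PublicKey, message, sig []byte) bool {
	return ed25519.Verify(pub, message, sig)
}

func main() {
	sharedKey := []byte("constructed-32-byte-shared-key!!") // constructed sample
	senderPub, senderPriv := NewSigner(bytes.Repeat([]byte{0x01}, 32))
	_, receiverPriv := NewSigner(bytes.Repeat([]byte{0x02}, 32))

	genuine := []byte("sender authorizes payment of 100")
	forged := []byte("sender authorizes payment of 999")

	// Integrity mechanism: a modified message is detected by the receiver...
	tag := IntegrityTag(sharedKey, genuine)
	fmt.Println("tampering detected:", !VerifyIntegrityTag(sharedKey, forged, tag))
	// ...but the receiver holds the same key and can fabricate a valid tag for
	// any message, so a MAC gives a notary no proof of origin.
	receiverTag := IntegrityTag(sharedKey, forged)
	fmt.Println("receiver-forged tag verifies:", VerifyIntegrityTag(sharedKey, forged, receiverTag))

	// Signature mechanism: the receiver cannot produce a signature that
	// verifies under the sender's public key, so a verifying signature is
	// evidence the sender cannot later repudiate.
	sig := Sign(senderPriv, genuine)
	fmt.Println("genuine signature verifies:", VerifySignature(senderPub, genuine, sig))
	receiverSig := Sign(receiverPriv, forged)
	fmt.Println("receiver-forged signature verifies:", VerifySignature(senderPub, forged, receiverSig))
}
```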

TABLE 1.3. X.800 Pervasive Security Mechanisms.

Trusted functionality: The intent of this mechanism is to ensure that security functions will perform as expected and not be affected by non-security-related functions within the device. However, the document does not provide any further elaboration on this subject.

Security labels: The intent of this mechanism is that software and data elements (resources) within a device may have a label associated with them such that the label indicates the “sensitivity” of the associated resource. These labels could be used to control access to a resource. The document does not provide any further elaboration on this subject.

Event detection: The intent of this mechanism is that apparent violations of security should be detectable and may also include detection of non-violation events, such as successful log-on or log-off. Events related to network activities and non-network activities should be detectable. This mechanism should also cover event reporting and event logging along with the syntactic and semantic definitions associated with these activities. The document does not provide any further elaboration on this subject.

Security audit trail: The intent of this mechanism is the ability to review security audit trails and provide a valuable capability to detect and investigate security breaches via subsequent security audits. Security audits require the recording of security relevant information in a security log file or equivalent form. Analysis and report generation from event and audit logs is considered a security management function. The document does not provide any further elaboration on this subject.

Security recovery: The intent of this mechanism is the ability to respond to requests from mechanisms such as event handling and management functions and either initiate or recommend recovery actions that isolate or mitigate the impact of security-violation-related events. The goal of this mechanism is the restoration of reliable normal functionality. The document does not provide any further elaboration on this subject.

distribution of cryptographic keys (“Key management”);

the setting of security-related parameters (“Configuration management”);

monitoring of both normal and abnormal security-related events (“Event–Fault management”);

generation and processing of audit trails (“Audit management”); and

both security service/mechanism activation and deactivation.

In X.800’s view, security management does not address how security mechanisms in protocols actually provide specific security services. Another basic concept introduced by X.800 is that of a Security Management Information Base (SMIB), which serves as a repository for security-relevant information. No specific approach, or other details, for the storage of the information is discussed; yet each networked device is expected to maintain that local information necessary for the device to enforce applicable security policy statements. The SMIB is expected to be:

essentially distributed across those devices within a “Security Domain,” and

likely included in any general Management Information Base (MIB) within and maintained by each device.

X.800 aggregates security management activities into three categories:

network security management;

network security service management;

network security mechanism management.

Network security management functionality is expected to typically include:

overall network security policy management;

interaction with other network management functions;

interaction with network security service management and network security mechanism management;

network security event management spans those aspects of event handling and the remote reporting of apparent attempts to violate network security and the modification of thresholds used to trigger event reporting;

network security audit management is responsible for:

the selection of events to be logged and/or remotely collected;

the enabling and disabling of audit trail logging of selected events;

the remote collection of selected audit records; and

the preparation of security audit reports;

network security recovery management is responsible for:

maintenance of the rules used to react to real or suspected security violations;

the remote reporting of apparent violations of system security; and

security administrator interactions.

Network security service management focuses on specific network security services and is expected to typically (but not exhaustively) include the following activities on a per service basis:

determination and assignment of the target security protection for the service;

assignment and maintenance of rules for the selection (where alternatives exist) of the specific security mechanism to be employed to provide the requested security service;

negotiation (locally and remotely) of available security mechanisms which require prior management agreement;

invocation of specific security mechanisms via the appropriate security mechanism management function, for example, for the provision of administratively imposed security services; and

interaction with other security service management functions and security mechanism management functions.

Network security mechanism management focuses on specific network security mechanisms and is expected to typically (but not exhaustively) include the following activities on a per mechanism basis:

key management is responsible for:

generating keys;

deciding which entities should receive a copy of each key; and

making available, or distributing, keys in a secure manner. While noting that some key management functions, such as the physical distribution of keys, may occur outside of network security management functions, the exchange of session keys used during an association is a normal protocol layer function and utilizes a key distribution center (KDC) or functions pre-distributed via management protocols.

encipherment management is responsible for:

interaction with key management;

establishment of cryptographic parameters; and

cryptographic synchronization;

digital signature management is responsible for:

interaction with key management;

establishment of cryptographic parameters and algorithms; and

use of protocols between communicating entities and possibly a third party;

access control management is responsible for distribution of security attributes and parameters along with access control lists (ACLs) or capabilities lists;

data integrity management is responsible for:

interaction with key management;

negotiation of cryptographic parameters and algorithms; and

use of protocol between communicating entities;

authentication management is responsible for distribution of descriptive information, passwords, or keys to entities required to perform authentication;

traffic padding management is responsible for maintenance of rules used for traffic padding, such as data rates, message characteristics (i.e., length), and variation of these rules based on attributes such as time of day or calendar;

routing control management is responsible for definition of links or sub-networks considered to be either secured or trusted with respect to particular criteria; and

notarization management is responsible for distribution of information about notaries, and for the protocols and interactions between notaries, and between a notary and other entities.
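Traffic padding (Table 1.2) and the length rules kept by traffic padding management (above) can be tried out with the following Go program, an added example that is not from the book or from X.800: each message is padded to a fixed length bucket before AES-256-GCM encipherment, so the ciphertext length reveals only the bucket, and padding without encipherment is deliberately not offered because, as X.800 notes, the mechanism only helps in combination with encryption. The key, bucket size, and messages are constructed samples.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Pad applies the traffic padding mechanism: the true length goes into a
// 4-byte prefix and the payload is filled with zeros up to the next multiple
// of bucket, so an observer of the enciphered message learns only the bucket.
func Pad(msg []byte, bucket int) []byte {
	body := 4 + len(msg)
	total := ((body + bucket - 1) / bucket) * bucket
	out := make([]byte, total)
	binary.BigEndian.PutUint32(out, uint32(len(msg)))
	copy(out[4:], msg)
	return out
}

// Unpad recovers the message from its length prefix, rejecting malformed input.
func Unpad(padded []byte) ([]byte, error) {
	if len(padded) < 4 {
		return nil, errors.New("padded buffer too short")
	}
	n := int(binary.BigEndian.Uint32(padded))
	if n < 0 || n > len(padded)-4 {
		return nil, errors.New("length prefix exceeds buffer")
	}
	return padded[4 : 4+n], nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal pads and then enciphers with AES-256-GCM; the random nonce is
// prepended to the ciphertext. Padding happens before encipherment so that
// the padding bytes are themselves hidden from the observer.
func Seal(key, msg []byte, bucket int) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, Pad(msg, bucket), nil), nil
}

// Open authenticates, deciphers, and unpads a message produced by Seal.
func Open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("ciphertext too short")
	}
	padded, err := gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
	if err != nil {
		return nil, err
	}
	return Unpad(padded)
}

func main() {
	key := []byte("constructed-32-byte-demo-key-!!!") // constructed sample, 32 bytes
	const bucket = 64 // a padding rule traffic padding management would maintain
	for _, m := range []string{"yes", "no, cancel the transfer and call me"} {
		sealed, err := Seal(key, []byte(m), bucket)
		if err != nil {
			panic(err)
		}
		// Both messages fall in the first 64-byte bucket: identical ciphertext sizes.
		fmt.Printf("%-40q plaintext %2d bytes -> ciphertext %d bytes\n", m, len(m), len(sealed))
	}
}
```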

Although X.800 was developed specifically as a communications security architecture, the underlying concepts have broader applicability representing the first international consensus on the definitions of basic security services (Authentication, Access Control, Data Confidentiality, Data Integrity, and Non-repudiation) along with more general (pervasive) services such as Trusted Functionality, Event Detection, and Security Audit and Recovery.

Following the development of X.800, the need for additional related communications security standards was identified. As a result, work on a number of supporting standards and complementary architectural recommendations was initiated. Some of these recommendations are discussed next.

1.2.4 The Security Frameworks (ITU-T X.810–ITU-T X.816)

The security frameworks were developed to provide comprehensive and consistent descriptions of the security services defined in X.800. They were intended to address all aspects of how the X.800 security services could be applied in the context of a specific security architecture, including possible future security architectures. The frameworks focus on providing protection for systems, objects within systems, and interaction between systems. They do not address the methodology for constructing systems or security mechanisms.

The frameworks address both data elements and sequences of operations (excluding protocol elements) that are used to obtain specific security services. These services may apply to the communicating entities of systems as well as to data exchanged between, and managed by, systems.

1.2.4.1 The Security Framework Overview (X.810).17

The Security Framework Overview introduces the other frameworks and describes common concepts, including security domains, security authorities, and security policies that are used in all the frameworks. It also describes a generic data format that can be used to convey both authentication and access control information securely.

1.2.4.2 The Authentication Framework (X.811).18

The Authentication Framework occupies a position at the top of a hierarchy of authentication standards that provide concepts, nomenclature, and a classification for authentication methods. This framework defines the basic concepts of authentication, identifies possible classes of authentication mechanism, defines the services for these classes of mechanism, identifies functional requirements for protocols to support these classes of mechanism, and identifies the general management requirements for authentication.

1.2.4.3 The Access Control Framework (X.812).19

The Access Control Framework describes a model that includes all aspects of access control in Open Systems, the relationship to other security functions (such as Authentication and Audit), and the management requirements for Access Control.

1.2.4.4 The Non-repudiation Framework (X.813).20

The Non-repudiation Framework extends the concepts of non-repudiation security services as described in X.800 and provides a framework for the development of these services. It also identifies possible mechanisms to support these services and general management requirements for non-repudiation.

1.2.4.5 The Confidentiality Framework (X.814).21

The purpose of the confidentiality service is to protect information from unauthorized disclosure. The Confidentiality Framework addresses the confidentiality of information in retrieval, transfer, and management by defining the basic concepts of confidentiality, defining the possible classes of confidentiality and the facilities required for each class of confidentiality mechanism, identifying the management and supporting services required, and addressing the interaction with other security services and mechanisms.

1.2.4.6 The Integrity Framework (X.815).22

The Integrity Framework addresses the integrity of data in information retrieval, transfer, and management. This recommendation defines the basic concepts of integrity, identifies possible classes of integrity mechanism and the facilities for each class of mechanism, identifies management required to support each class of mechanism, and addresses the interaction of the integrity mechanism and the supporting services with other security services and mechanisms.

1.2.4.7 The Audit and Alarms Framework (X.816).

The Audit and Alarms Framework defines the basic concepts and provides a general model of security audit and alarms, identifies the criteria for a security audit and for raising alarms, identifies possible classes of audit and alarm mechanisms, defines the services for these classes of mechanisms, identifies functional requirements to support these mechanisms, and identifies general management requirements for security audit and alarms.

1.2.4.8 Applicability of the ITU-T Security Frameworks.

Unfortunately, these seven documents have received little attention since they were published. What has happened is that only the concepts directly contained within the original X.800 document have received general acceptance. In 2003, the ITU-T published X.805 as an updated security architecture meant to supersede X.800, and most standards developed after this document routinely reference and build upon X.805 rather than X.800 or the X.810 through X.816 framework documents. So we need to examine X.805.

1.2.5 The ITU-T X.805 Approach to Security

ITU-T X.805 attempts to define a security architecture for providing end-to-end network security by building on some of the concepts of X.800. The functionality of the basic security services of X.800 (Access Control, Authentication, Data Confidentiality, Data Integrity, and Non-repudiation) matches the functionality of what X.805 refers to as Security Dimensions. However, X.805 proceeds to introduce three new Security Dimensions (Communications Security, Availability, and Privacy) that are not consistent with X.800. Nor does X.805 build on, use, or even reference the security frameworks (X.810–X.816). X.805 relies on two major concepts: layers and planes.

The three layers are Infrastructure layer, Services layer, and Applications layer. The Infrastructure layer consists of the network transmission facilities as well as individual network elements (NEs). Examples of components that belong to the Infrastructure layer are individual routers, switches and servers, as well as the communication links between them. The Services layer addresses security of network services that are offered to customers. The Application layer addresses requirements of the network-based applications used by the customers.

X.805 also defines three Security planes to represent the three types of protected activities that take place on a network, namely, (i) the Management plane, (ii) the Control plane, and (iii) the End-User plane. These Security planes address the specific security needs associated with network management activities, network control or signaling activities, and end-user activities, respectively. The Management plane is concerned with Operations, Administration, Maintenance, and Provisioning (OAM&P) activities, such as provisioning a user or a network. The Control plane is associated with the signaling aspects for setting up (and modifying) the end-to-end communication through the network, irrespective of the medium and technology used in the network. The End-User plane addresses security of access to and use of the network by customers as well as protecting end-user data flows. However, X.805 cannot:

be used as the basis of a security assessment as X.805 only talks about generic security objectives, not security requirements; nor does it provide any specific criteria for such an assessment;

be used for maintaining, or reviewing, a security program over time as a specific security environment changes; also, it does not provide any specific criteria for security program review; and

assist in the management of security policies and procedures, incident response and recovery plans, and technology architectures as it does not discuss security policy, operational procedures, business continuity, or technology architectures in a detailed manner.

1.3 NETWORK AND SECURITY MANAGEMENT SYSTEMS

From the 1960s up to almost the end of the 1980s, data network and computer management was considered a local computer administrative activity with virtually no capabilities for remote administration. This was not an unreasonable view considering that commercial/business computer-oriented networking was primarily a computer-to-computer activity with little network-oriented equipment being used beyond modems throughout this period. However, by 1989, there were four commercial products that targeted the management of networks:

International Business Machines’ (IBM) Netview;

Digital Equipment Corporation’s (DEC) Enterprise Management Architecture (EMA);

American Telephone & Telegraph (AT&T) Bell Laboratory’s Unified Network Management Architecture (UNMA); and

Hewlett Packard Corporation’s (HP) OpenView.

Netview was primarily IBM System Network Architecture (SNA) network centric, with meager management capabilities for non-SNA network technologies. DEC’s EMA was primarily a Digital Networking (DECnet) tool that also provided a framework able to incorporate third-party management and interface functionality. AT&T’s UNMA never progressed much beyond initial product introductions. HP’s OpenView was based on the IETF’s Simple Network Management Protocol (SNMP), which made it vendor independent, and it has evolved into one of the more commercially successful heterogeneous management products available.

1.3.1 Element and Network Management Systems

During the 1990s, with the growth of LAN deployments, two categories of packet network management applications evolved: the Element Management System (EMS) and the Network Management System (NMS). EMS products are typically developed by network equipment manufacturers for the remote administration of their own products, usually products with identical capabilities (as shown in Figure 1.9), whereas NMS products are intended for the administration of products from diverse manufacturers (as shown in Figure 1.10). These EMS and NMS applications were initially designed to execute on “minicomputers” and workstations and are now frequently found on personal computer systems.

Figure 1.9. EMSs Dedicated to Specific Device Types.

Figure 1.10. NMS Managing Different Types of Devices.

1.3.2 Operations Support Systems

Within the PSTN world, administration was primarily a local telephone switch activity. Not until the late 1980s did telephone network operating companies begin to deploy intelligent networking equipment such as subscriber line/loop concentrators and remote switching units outside of the telephone central office (CO) where the main telephone switch was located. The major public telephone companies developed a number of mainframe-computer-based applications for managing their deployed telephone switch assets, access circuits, inter-CO links, directories, billing, and expansion planning. Some of these administrative applications included, just to name a few:

TIRKS, LFACS, SWITCH for Inventory Control;

SOAC for Service Request and Performance Administration; and

LMOS and MLT for Trouble Resolution.

(Note that these are defined in Table 1.5.)

These administrative applications were routinely referred to as Operations Support Systems (OSSs) and provided multiple, and sometimes overlapping, capabilities and complex interfaces, as depicted in Figure 1.11. Although a number of international standards documents have introduced the term Operations System (OS), many people use the term OSS, and this book follows the OSS convention, especially since the term OS is routinely associated with operating systems.

Many of these OSSs were created in the early to mid-1980s and continue as “cornerstone” management, administrative, and control systems.

Figure 1.11. Example PSTN Operations Support Systems and Associated Network Elements.

Telecommunications Service Providers (SPs) developed a diverse suite of management systems (OSSs) over the last 25-plus years to support the major PSTN Operation, Administration, Maintenance and Provisioning (OAM&P) activities, where:

Operations refers to the processes and procedures used to manage and control telecommunications network devices and telecommunications management network (TMN)-related devices;
Administration refers to activities that ensure that the network resources are used efficiently and service-quality objectives are met;
Maintenance refers to activities, such as tests, measurements, replacements, adjustments, and repairs, necessary to restore or maintain a network resource in a specified state so that the resource can perform its required functions; and
Provisioning refers to the process of preparing and equipping a network to allow it to provide services to its users.

In a traditional telecommunications network infrastructure, no distinction is made between telecommunications transport services and “higher-level” application services; therefore provisioning has spanned configuring systems, providing users with access to data and resources, and all of the enterprise-level information resource management involved. Most PSTN SPs organize their OSSs as shown in Table 1.4.

As can quickly be seen in Table 1.4, many of these OSSs, such as TIRKS and SWITCH, are involved in a number of different functional activities. Table 1.5 provides a brief description of the more common OSSs used by PSTN Service Providers (SPs).

1.4 EVOLUTION OF NETWORK AND SECURITY MANAGEMENT CONCEPTS

How have management concepts evolved from those first presented in X.800? It was recognized that management systems need to be deployed in an organized manner. Figure 1.11 illustrates how the companies responsible for the PSTN had developed numerous management systems, which frequently included proprietary functions and interfaces to the devices they were responsible for controlling and managing. This recognition was a driving factor for the development of ITU-T M.3010 in 1996 and ITU-T M.3400 in 1997 (both revised in 2000).

1.4.1 Telecommunications Management Network