Page 92 - 2015 Security in Telecommunications and Information Technology


            9.7.1   Security alarm reporting function

            Alarm reporting is a key function in management interfaces. When a failure is detected as a result of
            operational issues (e.g., a failure of the circuit pack or a violation of the security policy), an alarm is
            reported to the managing system. The alarm reports include a number of parameters so that the managing
            system is able to determine the cause of the failure and take corrective action. The parameters for any event
            include a mandatory field called event type and a set of other fields referred to as event information. The
            latter consists of information such as the severity of the alarm, probable causes of the alarm and the
            detector of the security violation. The alarm causes are associated with event types as shown in Table 7.



            Table 7 – Security alarm causes

            Event type                                 Security alarm causes
            -----------------------------------------  ---------------------------------
            integrity violation                        duplicate information
                                                       information missing
                                                       information modification detected
                                                       information out of sequence
                                                       unexpected information
            operational violation                      denial of service
                                                       out of service
                                                       procedural error
                                                       unspecified reason
            physical violation                         cable tampering
                                                       intrusion detection
                                                       unspecified reason
            security service or mechanism violation    authentication failure
                                                       breach of confidentiality
                                                       non-repudiation failure
                                                       unauthorized access attempt
                                                       unspecified reason
            time domain violation                      delayed information
                                                       key expired
                                                       out of hours activity


            These causes are explained further in Recommendation ITU-T X.736.
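
A managing system can enforce the pairing in Table 7 when it receives alarm reports. The Python sketch below is an added example, not part of the original text or of Recommendation ITU-T X.736; the report layout and the field names (event_type, cause, severity, detector) are assumptions, and the sample reports are constructed.

```python
# Added example: Table 7 as data, plus a consistency check for alarm reports.
# The dict layout and field names are assumptions, not an ITU-T X.736 encoding.
TABLE_7 = {
    "integrity violation": {
        "duplicate information", "information missing",
        "information modification detected",
        "information out of sequence", "unexpected information"},
    "operational violation": {
        "denial of service", "out of service", "procedural error",
        "unspecified reason"},
    "physical violation": {
        "cable tampering", "intrusion detection", "unspecified reason"},
    "security service or mechanism violation": {
        "authentication failure", "breach of confidentiality",
        "non-repudiation failure", "unauthorized access attempt",
        "unspecified reason"},
    "time domain violation": {
        "delayed information", "key expired", "out of hours activity"},
}

def event_types_for(cause):
    """Every event type under which Table 7 lists this cause."""
    return sorted(t for t, causes in TABLE_7.items() if cause in causes)

def check_alarm(report):
    """Return the problems found in one alarm report (empty list = consistent)."""
    event_type, cause = report.get("event_type"), report.get("cause")
    if not event_type:                      # event type is the mandatory field
        return ["missing mandatory field: event_type"]
    if event_type not in TABLE_7:
        return [f"unknown event type: {event_type!r}"]
    if cause is None:
        return ["no alarm cause in event information"]
    if cause not in TABLE_7[event_type]:
        expected = event_types_for(cause)   # where the cause does belong, if anywhere
        hint = f"listed under {expected}" if expected else "not in Table 7"
        return [f"cause {cause!r} does not match {event_type!r} ({hint})"]
    return []

# Constructed sample reports, not taken from any real system.
SAMPLES = [
    {"event_type": "time domain violation", "cause": "key expired", "severity": "major"},
    {"event_type": "integrity violation", "cause": "key expired", "severity": "minor"},
    {"cause": "cable tampering", "severity": "critical", "detector": "ne-2"},
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.get("event_type"), "->", check_alarm(r) or "ok")
```

Because "unspecified reason" appears under three event types, the cause alone does not identify the event type, which is why the check keys on the mandatory event type field first.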

            9.7.2   Security audit trail function


            A security audit trail is used to record security-related events and, in particular, security violations.
            Security-related events can include connections, disconnections, security mechanism utilizations,
            management operations and usage accounting. The Security audit trail function is defined in
            Recommendation ITU-T X.740.

            9.7.3   Access control for managed entities

            A very detailed definition of the model associated with assigning access control to various managed entities is
            described in Recommendation ITU-T X.741. The requirements satisfied by this Recommendation include:
            protecting management information from unauthorized creation, deletion and modification; ensuring
            operations are consistent with the access rights for the initiators of the operations; and preventing the
            transmission of management information to unauthorized recipients. Various levels of access control are