Page 92 - 2015 Security in Telecommunications and Information Technology
9.7.1 Security alarm reporting function
Alarm reporting is a key function in management interfaces. When a failure is detected, either as a result of
operational issues (e.g., a failure of the circuit pack) or a violation of the security policy, an alarm is reported
to the managing system. The alarm reports include a number of parameters so that the managing system is able
to determine the cause of the failure and take corrective action. The parameters for any event include a
mandatory field called event type and a set of other fields referred to as event information. The latter consists
of information such as the severity of the alarm, probable causes of the alarm and the detector of the security
violation. The alarm causes are associated with event types as shown in Table 7.
Table 7 – Security alarm causes

| Event type | Security alarm causes |
|---|---|
| integrity violation | duplicate information; information missing; information modification detected; information out of sequence; unexpected information |
| operational violation | denial of service; out of service; procedural error; unspecified reason |
| physical violation | cable tampering; intrusion detection; unspecified reason |
| security service or mechanism violation | authentication failure; breach of confidentiality; non-repudiation failure; unauthorized access attempt; unspecified reason |
| time domain violation | delayed information; key expired; out of hours activity |

These causes are explained further in Recommendation ITU-T X.736.
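
The following added example, which is not part of the original text or of Recommendation ITU-T X.736, shows how a managing system could check that a received security alarm carries the mandatory event type and a cause that Table 7 associates with it. The dictionary layout, the key names, the sample reports and the choice to expect all three event information fields are assumptions made for illustration.

```python
# Added example. The dict layout and key names are assumptions for illustration;
# X.736 defines its own notation, which this page does not reproduce.
TABLE_7 = {  # event type -> security alarm causes, copied from Table 7
    "integrity violation": {
        "duplicate information", "information missing",
        "information modification detected", "information out of sequence",
        "unexpected information"},
    "operational violation": {
        "denial of service", "out of service", "procedural error",
        "unspecified reason"},
    "physical violation": {
        "cable tampering", "intrusion detection", "unspecified reason"},
    "security service or mechanism violation": {
        "authentication failure", "breach of confidentiality",
        "non-repudiation failure", "unauthorized access attempt",
        "unspecified reason"},
    "time domain violation": {
        "delayed information", "key expired", "out of hours activity"},
}
EVENT_INFO = ("severity", "cause", "detector")  # assumed key names


def check_alarm(report):
    """Return the problems found in one report; an empty list means consistent."""
    event_type = report.get("event_type")
    if not event_type:
        return ["missing mandatory field: event type"]
    if event_type not in TABLE_7:
        return [f"unknown event type: {event_type!r}"]
    info = report.get("event_info") or {}
    # Assumption: this checker expects all three event information fields.
    problems = [f"event information lacks {k}" for k in EVENT_INFO if not info.get(k)]
    cause = info.get("cause")
    if cause and cause not in TABLE_7[event_type]:
        # Name the event types that do list this cause, to speed up triage.
        owners = sorted(t for t, causes in TABLE_7.items() if cause in causes)
        hint = f"listed under {', '.join(owners)}" if owners else "not in Table 7"
        problems.append(f"cause {cause!r} does not match {event_type!r} ({hint})")
    return problems


SAMPLES = [  # constructed reports, not captured traffic
    {"event_type": "time domain violation",
     "event_info": {"severity": "major", "cause": "key expired", "detector": "ne-17"}},
    {"event_type": "physical violation",
     "event_info": {"severity": "critical", "cause": "authentication failure",
                    "detector": "ne-17"}},
    {"event_info": {"severity": "minor", "cause": "out of service"}},
]
```
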
9.7.2 Security audit trail function
A security audit trail is used to record security-related events and, in particular, security violations. Security-
related events can include connections, disconnections, security mechanism utilizations, management
operations and usage accounting. The Security audit trail function is defined in Recommendation ITU-T
X.740.
9.7.3 Access control for managed entities
The model for assigning access control to various managed entities is defined in considerable detail in
Recommendation ITU-T X.741. The requirements satisfied by this Recommendation include:
protecting management information from unauthorized creation, deletion and modification; ensuring
operations are consistent with the access rights for the initiators of the operations; and preventing the
transmission of management information to unauthorized recipients. Various levels of access control are
70 Securing the network infrastructure