ITU-T M.3410 PDF

This Recommendation describes the functional requirements of a security management system (SMS) that offers a centralized view for control and security oversight of a telecommunications service provider's (TSP) infrastructure. The SMS spans the management of the management security plane, the control security plane, and the end-user security plane. The TSP's infrastructure spans, at a minimum:

• Application servers (e.g., servers for mail, instant messaging, database, web, file, voice over IP (VoIP) and other applications);

• Support servers (e.g., DNS [b-IETF RFC 2181], DHCP [b-IETF RFC 2131], NTP [b-IETF RFC 1305], backup, and other infrastructure support services);

• Internetworking/transport components (e.g., multiplexers, switches, routers, transport gateways, application gateways, gateway controllers, packet-filters a.k.a. firewalls, content filters, access points, bridges, wired and wireless telephony devices and monitoring probes for QoS, and network activity, to name a few);

• End user host systems (e.g., laptop systems, desktop systems, workstations, printers, etc.); and

• Management systems (e.g., element management, network management, service management, and business management systems).

All of the above entities are referred to in this Recommendation as managed elements (MEs) from a security management perspective.

The requirements specified in this Recommendation should be applicable to a TSP's current infrastructure and also infrastructure evolution necessary for building their next generation networks (NGNs) (see [ITU-T Y.2001] and [ITU-T Y.2012]).

This Recommendation draws on an ATIS standard [b-ATIS 0300074] as a major source of information and text.

A key aspect of this Recommendation is that it defines a logical architecture and set of functionality independent of physical implementation. Functionality is defined in terms of functional entities, their logical relationships as well as aggregation of functional entities (FEs) into functional groups (FGs). Deployment and implementation of these FEs and FGs, within an infrastructure, can take many forms, such as centralized, hierarchical, distributed, or some combination of these. This Recommendation takes no stand as to the implementation of FEs and FGs in so far as implementation decisions do not have security-related ramifications. The detailed description of the interactions between FGs is not described in this Recommendation.

Annex A contains a normative proforma wherein specific SMS requirements are documented. Appendices I, II and III are informative and cover:

Appendix I: The relationship between the SMS and the security concepts covered in [ITU-T X.800].

Appendix II: The relationship between the SMS and other TSP management systems and frameworks.

Appendix III: The structure and organization of NGN networks and their growing complexity.