Networks recognised the need to tackle a growing number and a wider variety of threats and vulnerabilities
in information networks, and called all participants, which include “governments, businesses, other
organisations and individual users who develop, own, provide, manage service and use information
systems and networks” to “focus on security in the development of information systems and networks”. [128]
On the same note, the 2002 EU Directive on Data Protection specifies, in its article 4, that “the provider of
a publicly available electronic communications service must take appropriate technical and organisational
measures to safeguard the security of its services”. [129]
International standard development organisations (SDOs), such as ITU, ETSI, ISO, IETF and
3GPP/3GPP2, are currently working to integrate security into the definition of NGN standards and
protocols, in order to appropriately address security in the design phase of the new generation of networks.
A set of specifications for IMS standards has been included in IMS Release 7, while TISPAN, in the
preparation of its NGN Release 1, has been working on an equivalent set of specifications for broadband
fixed access. TISPAN aligned its security approach with 3GPP where convergence was identified, adding
TISPAN-tailored security specifications in areas where there are differences between fixed and mobile
architecture. For example, pure wireline solutions do not have the same vulnerability as the mobile
interface, which allows for the introduction of simplified security scenarios; on the other hand, fixed
networks have to support inter-working with many sets of more or less secure protocol stacks, and with a
wider variety of access technologies compared to mobile operators. In addition, user equipment
vulnerability is more pronounced in fixed than in mobile networks, as users can modify their equipment
without prior notice to the provider.
In general, ITU Resolution X.805 on “security architecture for systems providing end-to-end
communications” identified five possible threats menacing a networked environment: [130]
Destruction – destruction of information and/or network (an attack on availability).
Corruption – unauthorised tampering with an asset (an attack on integrity).
Removal – theft, removal or loss of information and/or other resources (an attack on availability).
Disclosure – unauthorised access to an asset (an attack on confidentiality).
Interruption – network becomes unavailable or unusable (an attack on availability).
The risks and vulnerabilities attracting the attention and concerns of NGN operators at the moment
seem to be mostly identity theft [131] and Denial of Service (DoS) attacks. The former directly threatens
revenues, while the latter endangers service delivery and quality, thus impinging on the reputation of the
provider.
DSTI/ICCP/CISP(2007)2/FINAL
In a layered architecture, such as that of NGN, where services are separated from transport and access
is enabled from multiple devices, security has to be considered at different points in the NGN architecture.
In its NGN Release 1, ITU stressed the need to provide security of end-users' communications across
multiple-network administrative domains, [132] and identified three security layers: infrastructure security,
service security and application security. [133]
NGN solutions vendors also address the problem of security at different layers. These include access
security, addressing direct or indirect connectivity of networks to user equipment (UE); intra-domain
security, which is under the responsibility of the operator of the domain in question; and inter-domain
security, i.e. security risks and threats associated with interconnection with untrusted and trusted [134]
networks. In the latter case, security policies [135] from the originating network are usually enforced towards
the destination network domain thanks to the utilisation of “Security Gateways” (SEGs), situated at the
borders of different domains and communicating during interconnection. [136]
A specific example of possible security issues in an NGN environment can be provided by Voice over
IP services. Voice is a critical service which in the past has benefited from separate PSTN and mobile
networks, and had a certain degree of reliability. Shifting from PSTN to IP, the existing redundancy may
be lost due to network convergence, and VoIP may inherit many of the problems already experienced by
TCP/IP protocol data communications, such as attacks on confidentiality, integrity, availability and
authenticity. Some of the current threats include transmission of viruses and malware, eavesdropping,
Denial of Service (DoS) attacks, but also power failures (see Table 6). Although operators are currently
working on secure solutions for VoIP, service providers believe that it may be difficult to implement
security while maintaining an appropriate level of Quality of Service, because of the burden of extra
processing and the possible delay in communication transmission it may cause. [137]