3 Management Functional Areas
Last update
PvD
3.6 SM
Security Management
[M.3400]: The functions contained within Security Management (SM) may differ from administration to administration. The purpose of this section is to list some of the aspects of security access relating to management information that may be taken into account. Security management will include:
- Horizontal Access Security: a customer should be permitted to manage only those domains belonging to that customer {i.e. functional domain}.
- Vertical Access Security: a customer may be permitted to establish and modify the privileges of restricted login user types which are allowed access to only specified subsets of the customer's full capabilities {i.e. logical domain}.
- Audit trails: a customer may have access to usage and security event information.
- Security Alarms: a customer may have access to security alarms which indicate security attacks.
- Test Audit Trail Mechanism: the TMN requests audit trail mechanism test for data integrity.
- Report Audit Actions: the TMN requests the NE to report on actions involving, for example, identification, authentication, user address space actions and administrative issues.
- Management of Audit Trails: a customer may establish and configure audit trails and security alarms reporting mechanism.
- Intrusion Recovery: a customer may be permitted access to backup files in order to restore service after a security violation.
- Request Credentials Information: the NE requests the TMN for credentials and/or all related information.
- Send Credentials Information: The TMN sends to the NE its credentials and related information as requested.
- Report Authentication Results: the NE reports to the TMN the results of an authentication activity.
Security Management is more than AAA (Authentication, Authorisation, Accounting); it extends to service (business) security. It is commonly characterised by (CIA):
- Confidentiality (privacy, no eavesdropping);
- Integrity (correctness, tamper free);
- Accessibility (available for use).
It concerns:
- creation, deletion and control of security services and mechanisms;
- the distribution of security-relevant information; and
- the reporting of security-relevant events.
Particular operations (transaction types) on particular data (record fields, object attributes) by particular users should be controlled: potentially denied and/or potentially audited. This requires that all (global) operations/data/users should be controlled and checked.
Typically, one discerns domains and transactions:
- Network Access Domain (NAD):
  - physical or logical domain (area of responsibility, e.g. a region or subnetwork);
- Functional Access Domain (FAD):
  - transaction capability (e.g. create/delete/read/modify/write, start/stop, etc.) on a functional application area (skills related, e.g. subscriber administration, routing, maintenance (multiple levels), billing, customers (CNM), etc).
Actors (operators, processes) get an authorisation profile related to their responsibilities/skills for a particular network domain, like customer sales representatives, equipment maintenance, etc. Obviously, the FADs are also determined by the operator's business processes.
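The following is an added example, not part of M.3400 or of the original page: a default-deny check that permits a transaction only when one entry of the actor's authorisation profile covers both the NAD and the FAD, and that writes denials and flagged operations to an audit trail. The actor names, domain names and record layout are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Grant:
    nad: str                 # Network Access Domain, e.g. a region or subnetwork
    area: str                # functional application area of the FAD
    transactions: frozenset  # transaction types allowed in that area

@dataclass
class AccessController:
    profiles: dict                                   # actor -> list of Grant
    audited: set = field(default_factory=set)        # (area, transaction) always logged
    audit_trail: list = field(default_factory=list)

    def check(self, actor, nad, area, transaction, target):
        """Default deny: permit only if a single grant covers NAD, area and transaction."""
        allowed = any(
            g.nad == nad and g.area == area and transaction in g.transactions
            for g in self.profiles.get(actor, ())
        )
        # Denials are always recorded; permitted operations only when flagged.
        if not allowed or (area, transaction) in self.audited:
            self.audit_trail.append({
                "actor": actor, "nad": nad, "area": area,
                "transaction": transaction, "target": target,
                "result": "permit" if allowed else "deny",
            })
        return allowed

def last_changed_by(trail, target):
    """Answer 'who last changed this attribute' from the audit trail."""
    for rec in reversed(trail):
        if (rec["target"] == target and rec["result"] == "permit"
                and rec["transaction"] in ("create", "modify", "delete")):
            return rec["actor"]
    return None

def build_demo():
    # Constructed sample profiles (hypothetical actors and domains).
    profiles = {
        "sales_rep_1": [Grant("region-north", "subscriber administration",
                              frozenset({"read", "create", "modify"}))],
        "maint_1": [Grant("region-north", "maintenance",
                          frozenset({"read", "start", "stop"}))],
    }
    return AccessController(profiles,
                            audited={("subscriber administration", "modify")})
```

A denied request outside the actor's NAD or FAD still leaves an audit record, which is what makes after-the-fact detection of an operator exceeding his authorisation possible.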
Fraud detection and prevention is of increasing importance. It is the fight against unauthorised use of the network (e.g. through stolen mobile phones) and unauthorised 'management' of the network (e.g. one of the human operators exceeding his authorisation, via Customer Network Management, and hacking). It involves Accounting and Configuration Management, and risk management (contingency planning). Auditing (e.g. who has last changed a particular attribute) and policing (surveillance) prove to be very useful, even though it is detection after the fact.
The following table may help to determine the level of countermeasures:
| Occurrence (risk probability) | Impact (recovery costs): low | Impact (recovery costs): high |
|---|---|---|
| low | Ignore | Recover |
| high | Detect | Prevent |
=O=