Internet DRAFT - draft-zhuang-sacm-telereq
SACM Working Group X. Zhuang
Internet Draft M. Qi
Intended status: Informational J. Zhu
Expires: September 20, 2014 China Mobile
March 20, 2014
Telecommunication Requirement
draft-zhuang-sacm-telereq-01
Abstract
This memo describes an additional use case based on a telecommunication
scenario, which also fits the common enterprise scenario.
Status of this Memo
This Internet-Draft is submitted in full conformance with the provisions of
BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months and
may be updated, replaced, or obsoleted by other documents at any time. It
is inappropriate to use Internet-Drafts as reference material or to cite
them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
This Internet-Draft will expire on August 8, 2014.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the document
authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions
Relating to IETF Documents (http://trustee.ietf.org/license-info)
Zhuang Expires Auguet 8, 2014 [Page 1]
Internet-Draft Telecommunication Requirement Feb 2014
in effect on the date of publication of this document. Please review these
documents carefully, as they describe your rights and restrictions with
respect to this document.
Table of Contents
1. Introduction
2. Conventions used in this document
3. Problem Statement
3.1 Background of telecommunication device use cases
3.2 problem statement
4. New use cases for telecommunication equipment
4.1. security policy Guidance setting
5. Security Considerations
6. IANA Considerations
7. Conclusions
8. References
8.1. Normative References
8.2. Informative References
1. Introduction
SACM will create a protocol for the security assessment of network devices
in the enterprise scenario. Based on research into telecommunication usage
scenarios and on the telecommunication operator's operation experience,
this memo proposes a new security use case to cover telecommunication
devices. This use case also fits other enterprise scenarios.
2. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-2119 [RFC2119].
In this document, these words will appear with that interpretation only
when in ALL CAPS. Lower case uses of these words are not to be interpreted
as carrying RFC-2119 significance.
3. Problem Statement
3.1 Background of telecommunication device use cases
An operator network can also be regarded as a kind of enterprise network.
Because of the large number of telecommunication devices, checking the
compliance of the equipment during the operation and maintenance phase
takes a lot of work. What's more, negligent operation and maintenance
personnel may introduce wrong configuration, causing bad consequences such
as device system paralysis, abnormal operation of the network and so on.
Therefore, the implementation of telecommunication equipment also needs an
automated check.
3.2 problem statement
The use cases of SACM focus on the enterprise scenario at the endpoint. The
operator network can also be regarded as a kind of enterprise network, so
the current use cases can also be used in the operator network. However,
when we analyze a telecommunication network under the current scenario,
some gaps exist.
There is a lack of security posture assessment Guidance setting for
requirements that combine a common requirement part with an alternative
requirement part. In a telecommunication network, the same kind of network
equipment can be numerous and deployed in a distributed manner, which
raises the issue that devices of this kind may be bought from different
manufacturers. These manufacturers have different development processes and
technical systems, so they may use different mechanisms and different
parameters to fulfill the same main requirement of the device. To ensure
correct implementation, it is necessary to define different alternative
detailed safety requirements for different implementations.
For example, a device needs to ensure secure communication with others, so
a main requirement is defined as "using the safe channel to transmit data".
The manufacturers could use TLS or IPsec to achieve this goal when they
build their devices. So some alternative detailed definitions should be
attached after the main requirement: When the device uses a TLS based
mechanism to meet the requirement, certificates should be used as the
credential in the TLS handshake. When the device uses IPsec instead, the
pre-shared key should be used as the credential in IKEv2.
So a requirement Guidance can be expressed in this way: The devices should
use the safe channel to transmit data. When the device uses TLS, the
certificates should be used as the credential of the qualification process
of the TLS handshake. And when the device uses IPsec, the pre-shared key
should be used as the credential of the negotiation process of IKEv2. The
current use case draft contains no description of this kind of Guidance.
This problem is mainly caused by using different ways to meet the same main
requirement. It means this kind of Guidance requirement also fits other
enterprises that own large and distributed enterprise networks.
4. New use cases for telecommunication equipment
4.1. security policy Guidance setting
This use case describes the process of setting security policy Guidance
of the telecommunication equipment.
The building blocks of this use case are:
o General Security policy Guidance setting: based on security policy
Guidance input and their own business experience, operators set a
common security policy Guidance, including the administrator's
password length, the effective time and so on.
o Specific security policy Guidance setting: Operators set security
policy Guidance for devices according to the specific features and
deployment environment.
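The following is an added example, not part of the draft: it models the
Guidance described in sections 3.2 and 4.1 as a general part applied to
every device plus one main requirement with per-mechanism alternatives, and
assesses constructed device postures against it. All attribute names, the
password length of 12 and the vendor records are assumptions made for
illustration.

```python
from dataclasses import dataclass

@dataclass
class Guidance:
    main_requirement: str
    # alternative part: mechanism -> (posture attribute, required value)
    alternatives: dict
    # general part, applied to every device regardless of manufacturer
    min_admin_password_length: int = 0

GUIDANCE = Guidance(
    main_requirement="use the safe channel to transmit data",
    alternatives={
        "TLS": ("tls_handshake_credential", "certificate"),
        "IPsec": ("ikev2_credential", "pre-shared-key"),
    },
    min_admin_password_length=12,  # constructed value, not from the draft
)

def assess(device: dict, guidance: Guidance = GUIDANCE) -> list:
    """Return a list of findings; an empty list means the device complies."""
    findings = []
    # General security policy Guidance: same check for all devices.
    if device.get("admin_password_length", 0) < guidance.min_admin_password_length:
        findings.append("general: administrator password too short")
    # Main requirement: the device must use one of the accepted mechanisms.
    mech = device.get("channel_mechanism")
    if mech not in guidance.alternatives:
        findings.append(f"main: '{guidance.main_requirement}' not met by {mech!r}")
        return findings
    # Alternative detailed requirement: depends on the mechanism chosen.
    attr, required = guidance.alternatives[mech]
    if device.get(attr) != required:
        findings.append(f"alternative[{mech}]: {attr} must be {required!r}, "
                        f"got {device.get(attr)!r}")
    return findings

# Constructed posture records for devices from different manufacturers.
DEVICES = {
    "vendor-a": {"admin_password_length": 14, "channel_mechanism": "TLS",
                 "tls_handshake_credential": "certificate"},
    "vendor-b": {"admin_password_length": 16, "channel_mechanism": "IPsec",
                 "ikev2_credential": "pre-shared-key"},
    "vendor-c": {"admin_password_length": 8, "channel_mechanism": "TLS",
                 "tls_handshake_credential": "pre-shared-key"},
    "vendor-d": {"admin_password_length": 14, "channel_mechanism": "telnet"},
}

if __name__ == "__main__":
    for name, posture in DEVICES.items():
        print(name, assess(posture) or "compliant")
```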
5. Security Considerations
TBD
6. IANA Considerations
There are no IANA considerations associated with this memo.
7. Conclusions
TBD
8. References
8.1. Normative References
8.2. Informative References
Authors' Addresses
Xiaojun Zhuang
China Mobile
Unit 2, 32 Xuanwumenxi Ave,
Xicheng District,
Beijing 100053, China
Email: zhuangxiaojun@chinamobile.com
Minpeng Qi
China Mobile
Unit 2, 32 Xuanwumenxi Ave,
Xicheng District,
Beijing 100053, China
Email: qiminpeng@chinamobile.com
Judy Zhu
China Mobile
Unit 2, 32 Xuanwumenxi Ave,
Xicheng District,
Beijing 100053, China
Email: Zhuhongru@chinamobile.com