Systems Engineering Approach to Security Baseline for Telecommunications Network Nodes

smileybloat, Networks and Communications

20 Nov 2013 (3 years and 8 months ago)


Logical Security Checklist

Question | Yes/No | If No, Why not?

Is security addressed across the entity's entire network?



Are Critical Common Environments defined and isolated (e.g. by firewall
perimeters) to limit access to authorized processes and users?



If firewalls are deployed, are they placed around the "perimeter" or
perimeters of critical components, NEs, NSs and OSs?



Are software changes controlled and verified to maintain the established
security perimeter?



Has a security baseline been established for Network Elements (NEs),
Network Systems (NSs), Operations Support Systems (OSs) and Data
Communication Networks (DCNs)?



Is that baseline specified or referenced in procurement RFPs and contracts?



Do new NEs, NSs, OSs and DCNs meet those requirements?



Are organizational responsibilities for network security defined?



Is that responsibility clearly placed within a common network management
reporting environment?



Is security part of the defined responsibilities for the personnel that monitor,
maintain and control various network components?



Are all network connectivity and network mappings documented?



If documented, has the connectivity been verified?



Have the following generic countermeasures been implemented for all key
nodes (NEs, NSs and OSs):



Assignment of command privileges to each class of user by functional
responsibility, to allow the power to get the job done, while reserving
special power (e.g., the ability to change user passwords) to the security
administrator?



Use of (COMPLIANT) commercially-available access-control systems (e.g.,
dial-back modems that do not utilize a pass-through feature) to secure
remote access to nodes?



Use of encryption equipment at each end of an OAM&P access session
which transits an open PPSN?



Use of available access control software at the host system?



Use of established access procedures and security routines (e.g., periodic
re-authorization of users and the use of security tools)?



Elimination of uncontrolled dial access?



Controlled access for vendor support?



Controlled access to dial-in protocol analyzers on the signaling links and
X.25 facilities between nodes?



Intrusion recovery plans for the entity's nodes?



Security on the gateway screening tables?



Adequate security on the node restart capability?



Adequate security on vendor-specific node restart procedures?



Back-up tapes and media available and secured off-site?