Scribd Logo
Upload

Welcome to Scribd!

  • As NZS ISO IEC 18028.2-2006 Information Technology - Security Techniques - IT Network Security Network Securi

    Uploaded by

    SAI Global - APAC
    94 views8 pages
    Standards Preview PDFs from SAI Global InfoStore

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Standards Preview PDFs from SAI Global InfoStore

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    94 views8 pages

    As NZS ISO IEC 18028.2-2006 Information Technology - Security Techniques - IT Network Security Network Securi

    Uploaded by

    SAI Global - APAC
    Standards Preview PDFs from SAI Global InfoStore

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 8

    AS/NZS ISO/IEC 18028.

    2:2006
    ISO/IEC 18028-2:2006

    AS/NZS ISO/IEC 18028.2:2006


    This is a free 7 page sample. Access the full version at http://infostore.saiglobal.com.

    Australian/New Zealand Standard


    Information technologySecurity techniquesIT network security Part 2: Network security architecture

    AS/NZS ISO/IEC 18028.2:2006 This Joint Australian/New Zealand Standard was prepared by Joint Technical Committee IT-012, Information Systems, Security and Identification. It was approved on behalf of the Council of Standards Australia on 23 June 2006 and on behalf of the Council of Standards New Zealand on 30 June 2006. This Standard was published on 4 August 2006.

    The following are represented on Committee IT-012: Attorney Generals Department Australian Association of Permanent Building Societies Australian Bankers Association Australian Chamber Commerce and Industry Australian Electrical and Electronic Manufacturers Association Certification Forum of Australia Department of Defence Department of Social Welfare, NZ Government Communications Security Bureau, NZ Internet Industry Association NSW Police Service New Zealand Defence Force Reserve Bank of Australia

    This is a free 7 page sample. Access the full version at http://infostore.saiglobal.com.

    Keeping Standards up-to-date


    Standards are living documents which reflect progress in science, technology and systems. To maintain their currency, all Standards are periodically reviewed, and new editions are published. Between editions, amendments may be issued. Standards may also be withdrawn. It is important that readers assure themselves they are using a current Standard, which should include any amendments which may have been published since the Standard was purchased. Detailed information about joint Australian/New Zealand Standards can be found by visiting the Standards Web Shop at www.standards.com.au or Standards New Zealand web site at www.standards.co.nz and looking up the relevant Standard in the on-line catalogue. Alternatively, both organizations publish an annual printed Catalogue with full details of all current Standards. For more frequent listings or notification of revisions, amendments and withdrawals, Standards Australia and Standards New Zealand offer a number of update options. For information about these services, users should contact their respective national Standards organization. We also welcome suggestions for improvement in our Standards, and especially encourage readers to notify us immediately of any apparent inaccuracies or ambiguities. Please address your comments to the Chief Executive of either Standards Australia or Standards New Zealand at the address shown on the back cover.

    This Standard was issued in draft form for comment as DR 06258.

    AS/NZS ISO/IEC 18028.2:2006

    Australian/New Zealand Standard


    This is a free 7 page sample. Access the full version at http://infostore.saiglobal.com.

    Information technologySecurity techniquesIT network security Part 2: Network security architecture

    First published as AS/NZS ISO/IEC 18028.2:2006.

    COPYRIGHT Standards Australia/Standards New Zealand All rights are reserved. No part of this work may be reproduced or copied in any form or by any means, electronic or mechanical, including photocopying, without the written permission of the publisher. Jointly published by Standards Australia, GPO Box 476, Sydney, NSW 2001 and Standards New Zealand, Private Bag 2439, Wellington 6020

    ISBN 0 7337 7666 3

    ii

    PREFACE
    This Standard was prepared by the Joint Standards Australia/Standards New Zealand Committee IT-012, Information Systems, Security and Identification. The objective of this Standard is to provide detailed guidance on the security aspect of the management operation use of IT networks, and their inter-connections. Those individuals within an organization that are responsible for IT security in general, and IT network security in particular, should be able to adapt the materials in AS/NZS 18028 to meet their specific requirements. This Standard is particularly relevant to all personnel who are involved in the planning, design and implementation of the architectural aspects of network security (for example IT network managers, administrators, engineers and IT network security officers).
    This is a free 7 page sample. Access the full version at http://infostore.saiglobal.com.

    This Standard is identical with, and has been reproduced from ISO/IEC 18028-2:2006, Information technologySecurity techniquesIT network securityPart 2: Network security architecture. As this Standard is reproduced from an international standard, the following applies: (a) (b) (c) Its number appears on the cover and title page while the international standard number appears only on the cover. In the source text this part of ISO/IEC 18028 should read this Australian/New Zealand Standard. A full point substitutes for a comma when referring to a decimal marker.

    References to International Standards should be replaced by references to Australian or Australian/New Zealand Standards, as follows: Reference to International Standard ISO 7498 Information processing systems Open Systems Interconnection Basic Reference Model 7498-2 Part 2: Security Architecture Australian/New Zealand Standard AS 2777 Information processing systems Open systems interconnection Basic reference model 2777.2 Part 2: Security architecture

    Only international references that have been adopted as Australian on Australian/New Zealand Standards have been listed.

    iii

    Contents

    CONTENTS

    Page

    Page Foreword............................................................................................................................................................ iv Introduction ........................................................................................................................................................ v 1 2 3 4 5 6 6.1 6.2 6.3 6.4 6.5 6.6 6.7 6.8 7 7.1 7.2 7.3 8 8.1 8.2 8.3 9 10 10.1 10.2 10.3 Scope ..................................................................................................................................................... 1 Normative references ........................................................................................................................... 1 Terms and definitions........................................................................................................................... 1 Abbreviations ........................................................................................................................................ 2 Reference Architecture for network security..................................................................................... 3 Security Dimensions ............................................................................................................................ 3 Access Control Security Dimension................................................................................................... 4 Authentication Security Dimension .................................................................................................... 4 Non-repudiation Security Dimension ................................................................................................. 4 Data Confidentiality Security Dimension ........................................................................................... 4 Communication Flow Security Dimension......................................................................................... 4 Data Integrity Security Dimension ...................................................................................................... 4 Availability Security Dimension .......................................................................................................... 4 Privacy Security Dimension ................................................................................................................ 5 Security Layers ..................................................................................................................................... 5 The Infrastructure Security Layer ....................................................................................................... 6 The Services Security Layer................................................................................................................ 6 The Applications Security Layer ......................................................................................................... 6 Security Planes ..................................................................................................................................... 6 The Management Security Plane......................................................................................................... 7 The Control Security Plane.................................................................................................................. 7 The End-User Security Plane............................................................................................................... 7 Security threats..................................................................................................................................... 8 Description of the objectives achieved by application of Security Dimensions to Security Layers .................................................................................................................................................... 9 Infrastructure Security Layer............................................................................................................. 11 Services Security Layer ..................................................................................................................... 14 Applications Security Layer .............................................................................................................. 17

    This is a free 7 page sample. Access the full version at http://infostore.saiglobal.com.

    Bibliography ..................................................................................................................................................... 21

    ISO/IEC 2006 All rights reserved

    iii

    iv INTRODUCTION

    ISO/IEC 18028-2:2006(E)

    Introduction
    The telecommunications and information technology industries are seeking cost-effective comprehensive security solutions. A secure network should be protected against malicious and inadvertent attacks, and should meet the business requirements for confidentiality, integrity, availability, non-repudiation, accountability, authenticity and reliability of information and services. Securing a network is also essential for maintaining the accuracy of billing or usage information as appropriate. Security capabilities in products are crucial to overall network security (including applications and services). However, as more products are combined to provide total solutions, the interoperability, or the lack thereof, will define the success of the solution. Security must not only be a thread of concern for each product or service, but must be developed in a manner that promotes the interweaving of security capabilities in the overall end-to-end security solution. Thus, the purpose of ISO/IEC 18028 is to provide detailed guidance on the security aspects of the management, operation and use of IT networks, and their inter-connections. Those individuals within an organization that are responsible for IT security in general, and IT network security in particular, should be able to adapt the material in ISO/IEC 18028 to meet their specific requirements. Its main objectives are as follows: in ISO/IEC 18028-1, to define and describe the concepts associated with, and provide management guidance on, network security including on how to identify and analyse the communications related factors to be taken into account to establish network security requirements, with an introduction to the possible control areas and the specific technical areas (dealt with in subsequent parts of ISO/IEC 18028); in ISO/IEC 18028-2, to define a standard security architecture, which describes a consistent framework to support the planning, design and implementation of network security; in ISO/IEC 18028-3, to define techniques for securing information flows between networks using security gateways; in ISO/IEC 18028-4, to define techniques for securing remote access; in ISO/IEC 18028-5, to define techniques for securing inter-network connections that are established using virtual private networks (VPN).

    This is a free 7 page sample. Access the full version at http://infostore.saiglobal.com.

    ISO/IEC 18028-1 is relevant to anyone involved in owning, operating or using a network. This includes senior managers and other non-technical managers or users, in addition to managers and administrators who have specific responsibilities for Information Security (IS) and/or network security, network operation, or who are responsible for an organization's overall security programme and security policy development. ISO/IEC 18028-2 is relevant to all personnel who are involved in the planning, design and implementation of the architectural aspects of network security (for example IT network managers, administrators, engineers, and IT network security officers). ISO/IEC 18028-3 is relevant to all personnel who are involved in the detailed planning, design and implementation of security gateways (for example IT network managers, administrators, engineers and IT network security officers). ISO/IEC 18028-4 is relevant to all personnel who are involved in the detailed planning, design and implementation of remote access security (for example IT network managers, administrators, engineers, and IT network security officers). ISO/IEC 18028-5 is relevant to all personnel who are involved in the detailed planning, design and implementation of VPN security (for example IT network managers, administrators, engineers, and IT network security officers).

    ISO/IEC 2006 All rights reserved

    INTERNATIONAL STANDARD

    ISO/IEC 18028-2:2006(E)

    AUSTRALIAN/NEW ZEALAND STANDARD

    Information technology Security techniques IT network security Part 2: Network security architecture

    This is a free 7 page sample. Access the full version at http://infostore.saiglobal.com.

    Scope

    This part of ISO/IEC 18028 defines a network security architecture for providing end-to-end network security. The architecture can be applied to various kinds of networks where end-to-end security is a concern and independently of the network's underlying technology. The objective of this part of ISO/IEC 18028 is to serve as a foundation for developing the detailed recommendations for the end-to-end network security.

    Normative references

    The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO 7498-2:1989, Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture CCITT Recommendation X.800 (1991), Security architecture for Open Systems Interconnection for CCITT applications

    Terms and definitions

    For the purposes of this document, the following terms defined in ISO 7498-2:1989 CCIT Rec. X.800 apply. 3.1 access control prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner 3.2 data origin authentication corroboration that the source of data received is as claimed 3.3 peer-entity authentication corroboration that a peer entity in an association is the one claimed 3.4 availability property of being accessible and useable upon demand by an authorized entity

    ISO/IEC 2006 All rights reserved

    COPYRIGHT

    This is a free preview. Purchase the entire publication at the link below:

    This is a free 7 page sample. Access the full version at http://infostore.saiglobal.com.

    AS/NZS ISO/IEC 18028.2:2006, Information technology - Security techniques - IT network security Network security architecture

    Looking for additional Standards? Visit SAI Global Infostore Subscribe to our Free Newsletters about Australian Standards in Legislation; ISO, IEC, BSI and more Do you need to Manage Standards Collections Online? Learn about LexConnect, All Jurisdictions, Standards referenced in Australian legislation Do you want to know when a Standard has changed? Want to become an SAI Global Standards Sales Affiliate? Learn about other SAI Global Services: LOGICOM Military Parts and Supplier Database Metals Infobase Database of Metal Grades, Standards and Manufacturers Materials Infobase Database of Materials, Standards and Suppliers Database of European Law, CELEX and Court Decisions

    Need to speak with a Customer Service Representative - Contact Us

    You might also like