OIF Establishes Security for UNI and NNI
For the transport/optical networking folks. Come to think of it, it is suprising that this hadn't been tackled soon, given the potential consequences of a compromised UNI, and given that UNI 1.0 was settled upon back in early 2001 or so. -TD FREMONT, Calif. -- In the wake of its quarterly meeting in Scottsdale, Arizona last week, the Optical Internetworking Forum (OIF) announced approval of the Security Extension for the User-to-Network Interface (UNI) and Network-to-Network Interface (NNI) Implementation Agreement (IA). The IA is the result of the combined efforts of the OIF's Architecture Working Group (WG), Carrier WG, Signaling WG and Operations Administration, Maintenance, & Provisioning (OAM&P) WG. The IA focuses on security for management interfaces and the auditing and logging of optical transport network elements. "Work on this implementation agreement began by identifying carriers' security requirements and then evaluating alternative solutions," said Joe Berthold, CIENA Corporation, president of the OIF. "The Security Extension IA is an example of multiple OIF working groups collaborating to better the industry." The Security IA defines a common extension for securing the protocols used in the UNI 1.0 IA and the UNI 2.0 and NNI works in progress. The IA was written to provide a common set of security mechanisms required to protect the signaling and routing of optical connections. These mechanisms safeguard transport networks against attacks that may compromise their control planes, seek unauthorized use of their resources or attempt to gain unauthorized information about their configuration and usage. To counter these threats, the IA was developed to protect the UNI signaling control channel(s). The Security Extension IA provides options for more extended coverage, defines a common method to secure additional protocols, allows compatibility between UNI and NNI security and reduces the need for manual intervention. The IA defines an optional-to-implement profile of the IETF's IPsec so signaling protocols that can be protected with mutual authentication, key management, message integrity, replay detection and confidentiality in a standard, widely-implemented, interoperable manner. _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus
participants (1)
-
Tyler Durden