OIF Establishes Security for UNI and NNI
Tyler Durden
camera_lumina at hotmail.com
Thu May 15 12:10:15 PDT 2003
For the transport/optical networking folks.
Come to think of it, it is suprising that this hadn't been tackled soon,
given the potential consequences of a compromised UNI, and given that UNI
1.0 was settled upon back in early 2001 or so.
-TD
FREMONT, Calif. -- In the wake of its quarterly meeting in Scottsdale,
Arizona last week, the Optical Internetworking Forum (OIF) announced
approval of the Security Extension for the User-to-Network Interface (UNI)
and Network-to-Network Interface (NNI) Implementation Agreement (IA). The IA
is the result of the combined efforts of the OIF's Architecture Working
Group (WG), Carrier WG, Signaling WG and Operations Administration,
Maintenance, & Provisioning (OAM&P) WG. The IA focuses on security for
management interfaces and the auditing and logging of optical transport
network elements.
"Work on this implementation agreement began by identifying carriers'
security requirements and then evaluating alternative solutions," said Joe
Berthold, CIENA Corporation, president of the OIF. "The Security Extension
IA is an example of multiple OIF working groups collaborating to better the
industry."
The Security IA defines a common extension for securing the protocols used
in the UNI 1.0 IA and the UNI 2.0 and NNI works in progress. The IA was
written to provide a common set of security mechanisms required to protect
the signaling and routing of optical connections. These mechanisms safeguard
transport networks against attacks that may compromise their control planes,
seek unauthorized use of their resources or attempt to gain unauthorized
information about their configuration and usage. To counter these threats,
the IA was developed to protect the UNI signaling control channel(s). The
Security Extension IA provides options for more extended coverage, defines a
common method to secure additional protocols, allows compatibility between
UNI and NNI security and reduces the need for manual intervention. The IA
defines an optional-to-implement profile of the IETF's IPsec so signaling
protocols that can be protected with mutual authentication, key management,
message integrity, replay detection and confidentiality in a standard,
widely-implemented, interoperable manner.
_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
http://join.msn.com/?page=features/virus
More information about the cypherpunks-legacy
mailing list