• Security in Telecommunications and Information Technology – 2009
  • Preface
  • Contents
  • Acknowledgements
  • Executive Summary
  • Introduction to the 4th edition
  • 1 Introduction
    • 1.1 Purpose and scope of this manual
    • 1.2 How to use this manual
  • 2 Overview of ITU-T security activities
    • 2.1 Introduction
    • 2.2 Reference and outreach documentation
    • 2.3 Overview of major security topics and Recommendations
  • 3 Security requirements
    • 3.1 Introduction
    • 3.2 Threats, risks and vulnerabilities
    • 3.3 General security objectives for ICT networks
    • 3.4 Rationale for security standards
    • 3.5 Evolution of ITU-T security standards
    • 3.6 Personnel and physical security requirements
  • 4 Security architectures
    • 4.1 The open systems security architecture and related standards
    • 4.2 Security services
    • 4.3 Security architecture for systems providing end-to-end communications
      • 4.3.1 Elements of the ITU-T X.805 architecture
      • 4.3.2 Availability of the network and its components
    • 4.4 Implementation guidance
    • 4.5 Some application-specific architectures
      • 4.5.1 Peer-to-peer communications
      • 4.5.2 Security architecture for message security in mobile web services
    • 4.6 Other network security architectures and models
  • 5 Aspects of security management
    • 5.1 Information security management
    • 5.2 Risk management
    • 5.3 Incident handling
  • 6 The Directory, authentication and identity management
    • 6.1 Protection of Directory information
      • 6.1.1 Directory protection objectives
      • 6.1.2 Authentication of Directory users
      • 6.1.3 Directory access control
      • 6.1.4 Privacy protection
    • 6.2 Strong authentication: public-key security mechanisms
      • 6.2.1 Secret key and public key cryptography
      • 6.2.2 Public-key certificates
      • 6.2.3 Public-key infrastructures
      • 6.2.4 Privilege management infrastructure
    • 6.3 Authentication guidelines
      • 6.3.1 Secure password-based authentication protocol with key exchange
      • 6.3.2 Extensible Authentication Protocol
    • 6.4 Identity management
      • 6.4.1 Overview of identity management
      • 6.4.2 ITU-T identity management work
    • 6.5 Telebiometrics
      • 6.5.1 Telebiometric authentication
      • 6.5.2 Telebiometric digital key generation and protection
      • 6.5.3 Security and safety aspects of telebiometrics
      • 6.5.4 Telebiometrics related to human physiology
      • 6.5.5 Other developments in telebiometrics standards
  • 7 Securing the network infrastructure
    • 7.1 The telecommunications management network
    • 7.2 Network management architecture
    • 7.3 Securing the infrastructure elements of a network
    • 7.4 Securing monitoring and control activities
    • 7.5 Securing network-based applications
    • 7.6 Common security management services
      • 7.6.1 Security alarm reporting function
      • 7.6.2 Security audit trail function
      • 7.6.3 Access control for managed entities
      • 7.6.4 CORBA-based security services
  • 8 Some specific approaches to network security
    • 8.1 Next Generation Network (NGN) security
      • 8.1.1 NGN security objectives and requirements
    • 8.2 Mobile communications security
      • 8.2.1 Secure mobile end-to-end data communications
    • 8.3 Security for home networks
      • 8.3.1 Security framework for the home network
      • 8.3.2 Device certification and authentication in home networks
      • 8.3.3 Human user authentication for home network services
    • 8.4 IPCablecom
      • 8.4.1 IPCablecom Architecture
      • 8.4.2 Security requirements for IPCablecom
      • 8.4.3 Security services and mechanisms in IPCablecom
    • 8.5 IPCablecom2
      • 8.5.1 The IPCablecom2 architecture
      • 8.5.2 Security requirements for IPCablecom2
      • 8.5.3 Security services and mechanisms in IPCablecom2
    • 8.6 Security for ubiquitous sensor networks
  • 9 Application security
    • 9.1 Voice over IP (VoIP) and multimedia
      • 9.1.1 Security issues in multimedia and VoIP
      • 9.1.2 An overview of H.235.x subseries Recommendations
      • 9.1.3 Network address translation and firewall devices
    • 9.2 IPTV
      • 9.2.1 Mechanisms for protecting IPTV content
      • 9.2.2 Mechanisms for protecting IPTV service
      • 9.2.3 Protection of subscriber information
    • 9.3 Secure fax
    • 9.4 Web services
      • 9.4.1 Security Assertion Markup Language
      • 9.4.2 Extensible access control markup language
    • 9.5 Tag-based services
  • 10 Countering common network threats
    • 10.1 Countering spam
      • 10.1.1 Technical strategies on countering spam
      • 10.1.2 Email spam
      • 10.1.3 IP multimedia spam
      • 10.1.4 Short message service (SMS) spam
    • 10.2 Malicious code, spyware and deceptive software
    • 10.3 Notification and dissemination of software updates
  • 11 The future of ICT security standardization
  • 12 Sources of additional information
    • 12.1 Overview of SG 17 work
    • 12.2 The Security Compendium
    • 12.3 The Security Standards Roadmap
    • 12.4 Implementation guidelines for security
    • 12.5 Additional information on the Directory, authentication and identity management
  • Annex A – Security definitions
  • Annex B – Acronyms and abbreviations used in this manual
  • Annex C – Summary of security-related ITU-T Study Groups
  • Annex D – Security Recommendations referenced in this manual