Содержание
Скачать 2.18 Mb.
|
| The device SHALL support the capability to specify the condition (e.g., time interval) that causes the security log to be uploaded to a designated storage facility to avoid the overwrite of any information. | Comply | |
| 6,143 | The device MUST support the capability to securely transmit (i.e., with authentication, integrity, and confidentiality mechanisms) audit data to a network designated audit data collection node to off-load the audit capability from other network nodes. (Optional) | Comply |
| 6,144 | The device SHALL have the capability to monitor, in real time, the occurrence or accumulation of security auditable events that may indicate an immediate security violation. | Comply |
| 6,145 | When thresholds are exceeded, the device SHALL immediately notify an appropriate administrator. | Comply |
| 6,146 | The device SHALL have the ability to record remote administrative actions in an audit log. | Comply |
| 6,147 | The device SHALL provide the capability to off-load stored audit information to another storage media for long-term retention. | Comply |
| 6,148 | The audit mechanism SHALL notify the administration when audit log space is near capacity. | Comply |
| 6,149 | An administrator SHALL be able to activate detailed auditing for a specific user ID and/or point of access (e.g., port). | Comply |
| 6,150 | The device SHALL provide the capability to control priorities so that audit and alarm files can be consistently accessed and data is not lost. | Comply |
| 6,151 | The device MUST provide mechanisms for recognizing potential DoS attacks and block the logical interface from which sourced. | Comply |
| 6,152 | Packet Filtering SHALL support Layer 2 access control lists. | Comply |
| 6,153 | Packet Filtering SHALL support filtering rules for allowed packets by source IP address. | Comply |
| 6,154 | Packet Filtering SHALL support filtering rules for allowed packets by destination IP address. | Comply |
| 6,155 | Packet Filtering SHALL support filtering rules for allowed packets by transport protocol. | Comply |
| 6,156 | Packet Filtering SHALL support filtering rules for allowed packets by destination port numbers. | Comply |
| 6,157 | Regarding Management Interfaces, Packet Filtering SHALL have the capability discard all packets not explicitly allowed. | Comply |
| 6,158 | Packet Filtering SHALL have settable “on/off” control of blocking all packets of type ICMP echo request. | Comply |
| 6,159 | Packet Filtering SHALL block all packets associated with the finger, who, rwho, talk and tftp network applications. | Comply |
| 6,160 | Packet Filtering SHALL support counts of allowed packets by source IP address. | Comply |
| 6,161 | Packet Filtering SHALL support counts of allowed packets by destination IP address. | Comply |
| 6,162 | Packet Filtering SHALL support counts of allowed packets by transport protocol. | Comply |
| 6,163 | Packet Filtering SHALL support counts of allowed packets by destination port numbers. | Comply |
| 6,164 | Packet Filtering SHALL support counts of blocked packets by source IP address. | Comply |
| 6,165 | Packet Filtering SHALL support counts of blocked packets by destination IP address. | Comply |
| 6,166 | Packet Filtering SHALL support counts of blocked packets by transport protocol. | Comply |
| 6,167 | Packet Filtering SHALL support counts of blocked packets by destination port numbers. | Comply |
| 6,168 | The requirements in this section apply to all the device which have a “northbound” interface for surveillance, provisioning, remote administration and other management actions across the NEL-EML-NML-SML layers of the TMN Management Model. Examples of protocols typically used include: SNMPvX, Telnet, TL1, FTP, http, (Simple Object Access Protocol (SOAP)/XML, CORBA and other protocols. | Comply |
| 6,169 | All authentication information that traverses a data communications network, regardless of being private or public, SHALL NOT travel in "clear" text or otherwise be able to be read by an eavesdropping third party. Authentication includes validation of systems or users, and permissions assigned to those systems/users. | Comply |
| 6,170 | The device SHALL support per command authorization using Terminal Access Controller Access Control System “Plus” (TACACS+). | Comply |
| 6,171 | The device SHALL support command privilege levels using TACACS+. | Comply |
| 6,172 | The device SHALL support command exec levels using TACACS+. | Comply |
| 6,173 | IPsec, TLS, and SSHv2SHALL be supported for all device – Management Systems interaction. | Comply |
| 6,174 | The SNMP default (i.e., “private”, “public”) community name SHALL NOT be specified or used. | Comply |
| 6,175 | The SNMP implementation SHALL have been tested as free of all vulnerabilities identified in CERT advisory CA-2002-03 and CERT Summary C2002-01, February 28, 2002, issued by the CERT Coordination Center, Software Engineering Institute, Carnegie Mellon University, Pittsburgh PA 15213-3890, U.S.A. | Comply |
| 6,176 | SNMP (all versions) SHALL not be used unless over IPsec or Read-Only in a management environment. | Comply |
| 6,177 | Identification/Authentication, Confidentiality and Integrity SHALL be based on Transport Layer Security (TLSv1) or Secure Shell (SSH) protocols when Telnet, TL1, FTP, W-Terminal/X-Windows or http type protocols are used. | Comply |
| 6,178 | TLS and SSHv2based identification and authentication SHALL be mutual, specifically bi-directional “two-way” between the device and the MS. | Comply |
| 6,179 | TLS and SSHv2based identification and mutual authentication SHALL be either based on digital signature from server with TLS secured ID/password from client or based on digital signatures between server and client. | Comply |
| 6,180 | When ID/password from client are used as part of TLS and SSHv2 based identification and mutual authentication, the TLS or SSHv2 server SHALL interface with a TACACS+ server for validation of client presented ID/password. | Comply |
| 6,181 | Identification/Authentication, Confidentiality and Integrity SHALL be provided by IPsec if SNMPv3 is used and symmetric “shared secret” keys are NOT deployed. | Comply |
| 6,182 | The following requirements apply to all system elements that use the Extensible Markup Language (XML) for the storage, transmission or exchange of information: | Comply |
| 6,183 | When XML is used for information transfers, the XML implementation SHALL be fully compliant with the latest World Wide Web Consortium (W3C) recommendation for XML. | Comply |
| 6,184 | When XML is used for formatting information transfers, the XML implementation SHALL be fully compliant with the proposed World Wide Web Consortium (W3C) XML signature recommendation. | Comply |
| 6,185 | When XML is used for formatting information transfers, the XML implementation SHALL be fully compliant with the proposed World Wide Web Consortium (W3C) XML encryption recommendation. | Comply |
| 6,186 | When XML is used for formatting information transfers, the XML implementation SHALL be fully compliant with the proposed World Wide Web Consortium (W3C) XML key management recommendation. | Comply |
| 6,187 | XML security, when used over TLS/SSLv3 or IPsec, SHALL be considered equivalent to the use of W3C XML signatures, W3C XML encryption and W3C XML key management. | Comply |
| 6,188 | The operating system SHALL be on a release currently supported by the manufacturer. | Comply |
| 6,189 | The operating system in use SHALL be the most current release (Service Pack) or the next most current (older) release. |
Похожие:
 | Пояснительные записки, тематическое планирование и тексты учебных пособий Летней физико-математической школы. 2002 и 2003 гг | | Общие требования к первой (предквалификационной) и второй частям заявок (содержание, оформление, подача, изменение, отзыв) 15 |
| Общие требования к первой (предквалификационной) и второй частям заявок (содержание, оформление, подача, изменение, отзыв) 15 | | В соответствии с решением Совета депутатов г. Мурманска от 26. 12. 2006 года №30-357 «Об организации дошкольного образования и родительской... |
 | В соответствии с решением Совета депутатов г. Мурманска от 26. 12. 2006 года №30-357 «Об организации дошкольного образования и родительской... | | Научное содержание нир, оформленное по образцу научной публикации (объемом до 15 машинописных страниц, через 1,5 интервала) |
| Неправильное составление договора или неполное содержание влечёт за собой проблемы различного характера | | Разъяснения по выгрузке информации о прекращении банковской гарантии в иных, отличных от окончания срока гарантии случаях. 145 |
| Характеристики, структура и содержание Раздел Характеристики, структура и содержание учебной дисциплины | | Суть и содержание понятия «маркетинг». Цели, задачи, объект и предмет маркетинга. Эволюция содержания маркетинга |