Category:Network Controller

From SmartGridiPedia

Contents 1 Network Controller 2 Service Domains 3 Requirements Coverage 3.1 Security Functional Requirements 3.1.1 Confidentiality and Privacy 3.1.2 Integrity Requirements 3.1.3 Availability Requirements 4 References & Examples 5 Security Mechanisms

Network Controller

A network controller is an abstract security functional component which controls the network topology and is a point of exchange between networks. Because of its tendency to facilitate aggregation and interconnection, the network controller is a natural place to apply and enforce security policy. One typically finds network controllers in routers, switches, gateways, and other means of network interconnection.

Service Domains

<This should be a link to the domain descriptions.> Communication Services

Requirements Coverage

Consider enumerating the SRS requirements set on another page to avoid duplication across components. Link that enumeration to each component by number to show coverage. Transclusion might help if wikipedia supports it, but simple link to the name is fine.

Security Functional Requirements

Confidentiality and Privacy

FCP.12 The functions provided by the security function to recover from failure or service discontinuity shall ensure that the secure initial state is restored without exceeding [assignment: quantification] for loss of security function data or objects under the control of the module's security function.

FCP.13 The security function shall protect security function data from unauthorized disclosure when it is transmitted between separate parts of the system.

FCP.14 The security function shall identify and handle error conditions in an expeditious manner without providing information that could be exploited by adversaries.

Integrity Requirements

FIN.1 The security function shall preserve a secure state when the following types of failures occur (List of types of failure in the module): power failure, connectivity

FIN.9 For [assignment: list of security function devices/elements for which active detection is required], the security function shall monitor the devices and elements and notify [assignment: a designated user or role] when physical tampering with the module's security function's devices or module's security function's elements has occurred.

FIN.11 After [assignment: list of failures/service discontinuities] the security function shall enter a [assignment: mode (e.g., maintenance mode)] where the ability to return to a secure state is provided.

Availability Requirements

TBD

References & Examples

• Routers, Mesh Routers, Switch

• Generic Threats to Routing Protocols (http://www.ietf.org/rfc/rfc4593.txt)
• Routing Protocol Security Requirements (rpsec) (http://www.ietf.org/html.charters/rpsec-charter.html)
• Routing Protocol Protection Issues (http://tools.ietf.org/id/draft-manral-rpsec-existing-crypto-05.txt)
• Spanning Tree Protocol. IEEE 802.1D (http://en.wikipedia.org/wiki/Spanning_tree_protocol)

Security Mechanisms

• Point of policy enforcement
• Proxy
• Monitor/Filter
  • Connections
  • Protocols
  • Application Data (rare)
• Access Control
  • Authentication
  • Authorization
  • Accounting/Logging
• Network separation/containment

<below here under consideration>

• Security Mechanisms - Encryption
  • Unique Keys
  • Key Rotation
  • Error Correction Code
  • Key monitoring
  • Key management
  • Key Recovery
  • Encryption
  • Digital Certificates

• Security Mechanisms
  • Monitor
  • Recovery
  • Tamper detector
  • Authenticator (see Encryption)
  • Access Controller
  • Non-Repudiation
  • Remote Upgrades
  • Audit and Logging
  • Automated Monitoring
  • Physical Inspection
  • Training
  • Documentation Control
  • Deception (e.g. honey pots, camouflage)
  • Quality Control

This category currently contains no pages or media.