| Abstract |
This document defines a Management Information Base (MIB) and audit log. The purpose of
the MIB is to provide a standard mechanism to manage ATM network elements capable of
filtering ATM SETUP messages based on security criteria. Each ATM network element
processing a SETUP message will have the option to discard the SETUP message if it does
not pass the security filters within the MIB.
This specification also defines an audit log that can be used by a node to record various events
that may be of interest to a security administrator. The audit log is protected by a digital
signature to prevent tampering.
This MIB and audit log are intended to be used with a secure network management strategy.
Many objects are assigned read-write or read-create access. Making these
objects writable from a remote management station requires authentication, so that only
authorized managers access the node, and access control, so that only authorized network
administrators can change security parameters. These services are out of scope for this document, but are
defined in AF-SEC-0179.000. Without these security services, unauthorized users may
change the security configuration of a node to bypass security filtering. |