TR 101 771 : 1.1.1

Intellectual Property Rights
Foreword
1 Scope
2 References
3 Definitions and abbreviations
   3.1 Definitions
   3.2 Abbreviations
4 Overview
5 System's Design
   5.1 Network Architecture
   5.2 General Design
   5.3 TIPHON Connectivity Scenarios
   5.4 Services
6 Security Objectives
   6.1 Main Security Objectives
   6.2 Customers' (Subscribers') Objectives
   6.3 Objectives of (TIPHON) Service and Network
        Providers
   6.4 Manufacturers' Objectives
7 System's Review
8 Threat Analysis and possible Countermeasures
   8.1 Denial of service
   8.2 Eavesdropping
   8.3 Masquerade
   8.4 Unauthorized access
   8.5 Loss of information
   8.6 Corruption of information
   8.7 Repudiation
9 Risk Assessment
   9.1 Methodology
   9.2 Evaluation of Risks
   9.3 Effectiveness of Countermeasures
10 Recommendations
   10.1 Security Policy
   10.2 Recommendation to the TIPHON Security Profiles
   10.3 Recommendation to the TIPHON network
        architecture
   10.4 Recommendation to TIPHON Services
Annex A: Legislation Issues
      A.1 Privacy
      A.2 Security Order
      A.3 Lawful Interception
      A.4 Contract
Annex B: Description of Threats
      B.1 Denial of services
      B.2 Eavesdropping
      B.3 Masquerade
      B.4 Modification of information
      B.5 Unauthorized access
Annex C: Description and possible examples of
         Countermeasures
      C.1 Authentication
      C.2 Digital Signature
      C.3 Access Control
      C.4 Virtual Private Network
      C.5 Secure Configuration of Operating Systems
      C.6 Secure Configuration of Networks
      C.7 Protection from Denial of Service Attacks
           on Hosts and Media Streams
      C.8 Physical Protection
      C.9 Encryption
      C.10 Intrusion Detection Systems
      C.11 Auditing and logging
      C.12 Non-Repudiation measures
Annex D: Threat and Countermeasure Template for
         Providers
Annex E: Bibliography
History

Specifies the comprehensive analysis of security threats to the TIPHON environment as described in principle in TS 101 313 [9]. It includes a definition of the security objectives, a description of the assets within the TIPHON environment, a list of threats to the TIPHON environment, a risk assessment, and a recommendation of the necessary security countermeasures.