CONTENTS

Title Page
Copyright Page
Preface

Part I Introductory Information

1 The X.25 Security Model
  1.1 Introduction
  1.2 Security in Packet Switching Data Networks
  1.3 Introduction to X.25 Security
  1.4 The X.25 Security Model
    1.4.1 Filter Security
    1.4.2 DTE Class Security
    1.4.3 Permanent Virtual Circuit Security
    1.4.4 Closed User Group Security
    1.4.5 Security Nodes Entity
  1.5 X.25 Security Protection Mechanisms
    1.5.1 Rights Identifiers
    1.5.2 Access Control Lists
      1.5.2.1 Access Levels
    1.5.3 VAX P.S.I. Security Specific Identifiers

2 How the X.25 Security Model Is Used
  2.1 Introduction
  2.2 How X.25 Security Checks Calls
    2.2.1 Checking Incoming Calls
    2.2.2 Checking Outgoing Calls from Native Systems
    2.2.3 Checking Outgoing Calls Through Gateway Systems
  2.3 Checking Access to PVCs
  2.4 Remote DTE Selection
  2.5 The ACL Matching Algorithm
    2.5.1 Null ACLs
    2.5.2 Null Rights Identifiers
    2.5.3 The Order of ACL Entries

Part II How to Manage X.25 Security

3 Managing X.25 Security
  3.1 Introduction
  3.2 Planning Security for Your System
    3.2.1 Planning Filter Security
    3.2.2 Planning DTE Class Security
    3.2.3 Planning PVC Security
    3.2.4 Planning Group Security
  3.3 Setting Up Security
  3.4 Setting Up an Open System

4 Monitoring X.25 Security
  4.1 Introduction
  4.2 Monitoring Security
    4.2.1 Security Events
    4.2.2 Security Counters
    4.2.3 Monitoring Events and Counters
    4.2.4 Monitoring the Status of Security Entities

Part III Reference Information

A The X.25 Security Checking Procedure
  A.1 Checking Outgoing Calls
    A.1.1 Finding the Rights Identifiers
      A.1.1.1 Finding the Rights Identifiers on a Connector System
    A.1.2 Finding the DTE Class
    A.1.3 Finding the Security DTE Class
    A.1.4 Matching the Called DTE Address Against Remote DTE Entities
    A.1.5 Checking the Access Level to the Selected Remote DTE
    A.1.6 What Happens If X.25 Security Blocks Access?
  A.2 Checking Outgoing Calls Using Bilateral Closed User Groups
    A.2.1 Finding the Rights Identifiers
      A.2.1.1 Finding the Rights Identifiers When the Agent Is X25 Server
    A.2.2 Finding the Group Entity
    A.2.3 Checking the Access Level to the Selected BCUG
    A.2.4 What Happens If X.25 Security Blocks Access?
      A.2.4.1 Actions When X25 Server Is the Agent
  A.3 Checking Incoming Calls
    A.3.1 Finding the Security DTE Class
    A.3.2 Matching the Calling DTE Address Against Remote DTE Entities
    A.3.3 Finding the Rights Identifiers for the Selected Remote DTE
    A.3.4 Finding the Filter that Matches the Call
    A.3.5 Finding the Security Filter
    A.3.6 Checking the Access Level to the Filter
    A.3.7 What Happens If X.25 Security Blocks Access?
  A.4 Checking Incoming Calls Using Bilateral Closed User Groups
    A.4.1 Finding the Group Entity
    A.4.2 Finding the Rights Identifiers
    A.4.3 Finding the Filter that Matches the Call
    A.4.4 Finding the Security Filter
    A.4.5 Checking the Access Level to the Filter
    A.4.6 What Happens If X.25 Security Blocks Access?
  A.5 Checking Access to Permanent Virtual Circuits
    A.5.1 Finding Rights Identifiers
    A.5.2 Finding the PVC
    A.5.3 Checking the Access Level to the PVC
    A.5.4 What Happens If X.25 Security Blocks Access?
      A.5.4.1 Actions When X25 Server Is the Agent

B X.25 Security Events
  B.1 Incoming Call Blocked
  B.2 Outgoing Call Blocked
  B.3 Outgoing Call Configuration Error
  B.4 PVC Access Blocked

FIGURES

1-1 Entities Used by X.25 Security
1-2 Filter Security
1-3 DTE Class Security
1-4 The Structure of the PVC Entity
1-5 The Structure of the Group Entity
1-6 The Structure of the Security Nodes Entity
1-7 Access Control List
2-1 Example Incoming Call
2-2 Called DTE Security
2-3 Example Outgoing Call
2-4 Calling DTE Security
2-5 Example Outgoing Call Through a Gateway
2-6 Gateway Security
2-7 Remote DTEs with Valid RAPs
2-8 The Ordering of ACL Entries
3-1 Example Configuration
A-1 How X.25 Security Checks Outgoing Calls
A-2 How X.25 Security Checks Incoming Calls
A-3 How X.25 Security Checks Access to PVCs

TABLES

1-1 Agents and Objects
1-2 Access Levels
2-1 ACL Matching
4-1 X25 Access Module Security Counters
4-2 Entity-Specific Security Counters
4-3 Status Attributes
B-1 Incoming Call Blocked-Arguments
B-2 Outgoing Call Blocked-Arguments
B-3 Outgoing Call Configuration Error-Arguments
B-4 Outgoing Call Configuration Error-Reasons
B-5 PVC Access Blocked-Arguments