X.25 for OpenVMS Security Guide

  CONTENTS

  Title Page

  Copyright Page

  Preface

  Part I    Introductory Information

  1      Overview

  1.1     Security in Packet Switching Data Networks

  1.2     Introduction to X.25 Security

  1.3     X.25 Security Protection Mechanisms
    1.3.1      Rights Identifiers
    1.3.2      Access Levels
    1.3.3      Access Control Lists
    1.3.4      X.25 Security-specific Identifiers

  2      The X.25 Security Model

  2.1     The X.25 Security Model

  2.2     Filter Security

  2.3     DTE Class Security

  2.4     Bilateral Closed User Group Security

  2.5     Permanent Virtual Circuit Security

  2.6     Connector System Security

  3      How the X.25 Security Model Is Used

  3.1     Introduction

  3.2     Verifying Incoming Calls
    3.2.1      Verifying Incoming Calls to an X.25 Direct Connect System
    3.2.2      Verifying Incoming Calls to an X.25 Client System

  3.3     Verifying Outgoing Calls
    3.3.1      Verifying Outgoing Calls from an X.25 Direct Connect System
    3.3.2      Verifying Outgoing Calls from an X.25 Client System

  3.4     Verifying Access to PVCs

  3.5     Remote DTE Entity Selection

  3.6     The ACL Matching Procedure
    3.6.1      Null ACLs
    3.6.2      Null Rights Identifiers
    3.6.3      The Order of ACL Entries

  Part II    How to Manage X.25 Security

  4      Managing X.25 Security

  4.1     Introduction

  4.2     Planning Security for Your System
    4.2.1      Planning Filter Security
    4.2.2      Planning DTE Class and Remote DTE Security
    4.2.3      Planning PVC Security
    4.2.4      Planning Group Security

  4.3     Setting Up Outgoing Security
    4.3.1      Setting Up Outgoing Security (Non Connector Systems)
    4.3.2      Setting Up Outgoing Security on a Connector System
    4.3.3      Example Security Setup
    4.3.4      Setting Up an Open System

  5      Monitoring X.25 Security

  5.1     Introduction

  5.2     Monitoring Security
    5.2.1      Security Events
    5.2.2      Security Counters
    5.2.3      Monitoring Events and Counters
    5.2.4      Monitoring the Status of Security Entities
    5.2.5      Monitoring Match-all Security

  Part III    Reference Information

  A   The X.25 Security Verification Procedure

  A.1     Verifying Outgoing Calls
    A.1.1      Finding the Rights Identifiers
    A.1.2      Finding the DTE Class
    A.1.3      Finding the Security DTE Class
    A.1.4      Matching the Called DTE Address Against Remote DTE Entities
    A.1.5      Determining the Access Level to the Selected Remote DTE
    A.1.6      What Happens if X.25 Security Blocks Access?

  A.2     Verifying Outgoing Calls Using Bilateral Closed User Groups
    A.2.1      Finding the Rights Identifiers
    A.2.2      Finding the Group Entity
    A.2.3      Verifying the Access Level to the Selected BCUG
    A.2.4      What Happens if X.25 Security Blocks Access?

  A.3     Verifying Incoming Calls
    A.3.1      Finding the Security DTE Class
    A.3.2      Matching the Calling DTE Address Against Remote DTE Entities
    A.3.3      Finding the Rights Identifiers for the Selected Remote DTE
    A.3.4      Finding the Filter that Matches the Call
    A.3.5      Finding the Security Filter
    A.3.6      Verifying the Access Level to the Filter
    A.3.7      What Happens if X.25 Security Blocks Access?

  A.4     Verifying Incoming Calls Using Bilateral Closed User Groups
    A.4.1      Finding the Group Entity
    A.4.2      Finding the Rights Identifiers
    A.4.3      Subsequent Verification Procedure
    A.4.4      What Happens if X.25 Security Blocks Access?

  A.5     Verifying Access to Permanent Virtual Circuits
    A.5.1      Finding Rights Identifiers
    A.5.2      Finding the PVC Entity
    A.5.3      Verifying the Access Level to the PVC
    A.5.4      What Happens if X.25 Security Blocks Access?

  B   X.25 Security Events

  B.1     Incoming Call Failed

  B.2     Incoming Call Blocked

  B.3     Outgoing Call Blocked

  B.4     Outgoing Call Configuration Error

  B.5     PVC Access Blocked

  C   X.25 Security-specific Identifiers

  FIGURES

  2-1        Entities Used by X.25 Security

  2-2        Filter Security

  2-3        DTE Class Security

  2-4        The Group Entity

  2-5        The Structure of the PVC Entity

  2-6        The Structure of the Security Nodes Entity

  3-1        Example Incoming Call (X.25 Direct Connect Systems)

  3-2        Local DTE Security (incoming calls)

  3-3        Example Incoming Call (X.25 Client Systems)

  3-4        Example Outgoing Call (X.25 Direct Connect System)

  3-5        Local DTE Security (outgoing calls)

  3-6        Example Outgoing Call from an X.25 Client System

  3-7        X.25 Client System Security

  3-8        Connector System Security

  3-9        Remote DTEs with Valid RAPs

  3-10       The Ordering of ACL Entries

  4-1        Example Configuration

  A-1        How X.25 Security Verifies Outgoing Calls

  A-2        How X.25 Security Verifies Outgoing Calls using BCUGs

  A-3        How X.25 Security Verifies Incoming Calls

  A-4        How X.25 Security Verifies Incoming Calls using BCUGs

  A-5        How X.25 Security Verifies Access to PVCs

  TABLES

  1-1        Agents and Objects

  1-2        Access Levels

  3-1        ACL Matching

  5-1        X.25 Access Module Security Counters

  5-2        Entity-Specific Security Counters

  5-3        Status Attributes

  B-1        Incoming Call Failed-Arguments

  B-2        Incoming Call Failed-Reasons

  B-3        Incoming Call Blocked-Arguments

  B-4        Outgoing Call Blocked-Arguments

  B-5        Outgoing Call Configuration Error-Arguments

  B-6        Outgoing Call Configuration Error-Reasons

  B-7        PVC Access Blocked-Arguments