RFC 2975:Introduction to Accounting Management
RFC-Ref

A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - Q - R - S - T - U - V - W - X

security

Click on the red underlined text to get to the source

1. Introduction
... Since accounting applications do not have uniform security and reliability requirements ...
... requirements, it is not possible to devise a single accounting protocol and set of security services that will meet all needs. Thus the goal of accounting management ...
... actually carried out so as to be able to compare this to the recommended process. Accomplishing this may require security services such as authentication and integrity protection. ...
... accounting protocol supports data object security, this allows the end-points to verify that the proxy ...
... as long as bias is not introduced. The security requirements for trend analysis and capacity planning depend on the circumstances of data collection and the sensitivity of ...
... depend on the circumstances of data collection and the sensitivity of the data. Additional security services may be required when data is being transferred between administrative domains. For example, when ...
... Since in usage-sensitive systems, accounting data translates into revenue, the security and reliability requirements are greater. Due ...
... to financial and legal requirements such systems need to be able to survive an audit. Thus security services such as authentication, integrity ...
... policy, service level agreements, or security guidelines. To permit a credible audit, the auditing data collection ...
... accounting process being used by the entity that is being audited. Similarly, security policies for the audit should be at least as stringent as those used in preparation of the original invoice ...
... Where auditing procedures are used to verify conformance to usage or security policies, security services may be desired. This typically will include authentication ...
... Where auditing procedures are used to verify conformance to usage or security policies, security services may be desired. This typically will include authentication, integrity ...
... confidentiality and data object integrity. In order to permit response to security incidents in progress, auditing applications frequently are built to operate with low processing delay. ...
... behavioral and financial impacts. As a result, systems developed for this purposes are typically as concerned with reliable data collection and security as are billing applications. Due to financial and legal requirements, archival accounting ...
... accounting data between domains, additional security measures may be desirable. In addition to authentication, replay and integrity protection ...
... desirable. In addition to authentication, replay and integrity protection, it may be desirable to deploy security services such as confidentiality and data object integrity ...
... requirements for timeliness, security and reliability in multiple record sessions ...
... roaming | | [Data object | | | Bounds on | security and | | | processing delay | receipt support] | | | | Bounds on | ...


3. Review of Accounting Protocols
... confidentiality, data object security is not supported, and thus systems based on RADIUS accounting ...
... confidentiality. Data object security is not supported, and therefore systems based on TACACS+ accounting ...
... Security services ...
... The SNMP User Security Model (USM) [38] uses shared secrets ...
... in a localized way while preventing the other entities from getting at each other's data. This can assist in cross-domain security if deployed properly. ...
... SNMP entity that constructs messages, provides security functions, and maps to the transport layer. Traditional agents ...
... A securityEngineID field in a message identifies the engine which provides access to the security credentials contained in the message header. A contextEngineID field in a message identifies the engine ...
... MIB module in an engine and that instance must be easy to locate, such as the system MIB or the security MIBs. ...
... RMON tables, and another view that includes only the SNMPv3 security related tables. Using these views, it is possible to allow access to the RMON ...
... administrators), and access to the SNMPv3 security tables for user Adam (the SNMP security ...
... security tables for user Adam (the SNMP security Administrator). ...
... For example, all users of bigco.com which are allowed access to the device would be defined in the User-based security MIB module (or other security model ...
... security MIB module (or other security model MIB module). For simplicity in administering access control ...
... context and context to instrumentation mappings, and to ensure that security is not weakened. ...
... MIB modules as well as FTP, and requires separate security mechanisms such as IPSEC to provide authentication ...
... On-going security extension research ...
... key management and enable use of certificate- based security in SNMPv3, a Kerberos Security Model ...
... security in SNMPv3, a Kerberos Security Model (KSM) for SNMPv3 has been proposed in [44 ...
... An IPSEC-based security model for SNMPv3 has been discussed. Implementation of such a security model ...
... security model for SNMPv3 has been discussed. Implementation of such a security model would require the SNMPv3 engine to be able to retrieve the properties of the IPSEC security association ...
... security model would require the SNMPv3 engine to be able to retrieve the properties of the IPSEC security association used to protect the SNMPv3 traffic. This would include ...
... SNMPv3 traffic. This would include the security services invoked, as well as information relating to the other endpoint, such as the authentication method ...
... certificates, which may not provide the required granularity of identification. Thus, an IPSEC-based security model for SNMPv3 would probably take several years to come to fruition. ...
... Given the SNMPv3 security enhancements, it is desirable for SNMP- based intra-domain ...
... Proxy Forwarder. In the long term, alternative security models such as the Kerberos Security Model may further ...
... security models such as the Kerberos Security Model may further reduce the effort required to manage security and enable streamlined ...
... Kerberos Security Model may further reduce the effort required to manage security and enable streamlined inter-domain operation. ...


4. Review of Accounting Data Transfer
... SMTP-based implementations have many desirable characteristics, particularly with regards to security. Accounting ...
... Using IPSEC, TLS or Kerberos, hop-by-hop security services such as authentication, integrity protection ...
... 13] and [15], data object security is available for SMTP, and in addition, the facilities described in [12 ...
... accounting data transfer are capable of satisfying the most demanding security requirements. However, such systems are not typically capable of providing low processing delay, although this may be addressed by the enhancements described in [20 ...
... highly reliable, and the batching of accounting records makes possible efficient transfers and application of required security services with lessened overhead. ...


5. Summary
... As noted previously in this document, accounting applications vary in their security and reliability requirements. Some uses such as ...
... as inter-domain usage-sensitive billing may require the highest degree of security and reliability, since in these cases the transfer of accounting ...
... Since accounting applications do not have uniform security and reliability requirements ...
... requirements, it is not possible to devise a single accounting protocol and set of security services that will meet all needs. Rather, the goal of accounting management ...
... accounting application to ensure that the methods chosen meet the security and reliability requirements ...
... In inter-domain capacity planning and non-usage sensitive billing, the security and reliability requirements are greater. As a result, ...
... requirements. For example, existing protocols lack data object security support and extensions to improve scalability of inter-domain ...
... authentication are needed, such as the Kerberos Security Model (KSM) for SNMPv3. ...
... Inter-domain operation can benefit from data object security (which no existing protocol provides) as well as inter-domain security model ...
... security (which no existing protocol provides) as well as inter-domain security model enhancements (such as the KSM). ...
... acknowledgments. SNMPv3 with the NMRG extensions and security scalability improvements such as the KSM can satisfy the requirements ...
... However, in inter-domain use, additional security precautions such as data object security ...
... security precautions such as data object security and receipt support are required. No existing protocol can meet these requirements. A summary is given in the ...
... confidentiality support * = lacks data object security % = limited robustness against packet loss ...


6. Security Considerations
... Security Considerations ...
... Security issues are discussed throughout this memo. ...


8. References
... Elkins, M., "MIME Security with Pretty Good Privacy (PGP)", RFC 2015prop ...
... Galvin, J., Murphy, S., Crocker, S. and N. Freed, "Security Multiparts for MIME: Multi-part/Signed and Multipart/Encrypted", RFC 1847prop ...
... Blumenthal, U. and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol ...
... Hornstein, K. and W. Hardaker, "A Kerberos Security Model for SNMPv3", Work in Progress. ...

A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - Q - R - S - T - U - V - W - X

Google
Web
RFC-Ref
RFC-Ref.org
Frontpage
Global Index
RFC
Sister Sites
Chess-Ref.org
Law-Ref.org
InChI.info
Zvon.org