Security of TMN

TMN is applicable to management of a diversity of equipment, networks and services. This diversity and in particular the huge differences in complexity and cost of network elements (e.g. digital switches compared with regenerators) complicates the specification and standardization of security in TMN. However, equipment cost is not itself very useful and appropriate security measures should be based on other factors such as potential loss of revenue. The need for security of TMN is evident even from a generic evaluation of different information assets together with the specification of top-level security objectives. Existing TMN recommendation only allow for a modest level of security. In a number of known management systems and network elements only seldom changed passwords are used. Such password are often transmitted in the clear thus providing only a very limited degree of security. Additional security measures requires that existing TMN protocols are modified to allow for exchange of security information and communication of protected transfer syntax. In addition, management of security in TMN is essential. GULS (generic upper layer security) is a promising candidate facilitating such security exchanges and security transformations. However, the details of which security techniques (e.g. type of authentication) is not specified by GULS and must be provided by additional standards. Even so, GULS (or similar mechanisms) allow for the introduction of a security infrastructure within the TMN which enables different security techniques to be applied when standardised or as needed