Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.927  Word version:  18.2.0

Top   Top   Up   Prev   None
1…   4…
4 Generic Virtualized Network Product (GVNP) class description5 Generic assets and threats6 Generic assets and threats for network functions supporting SBA interfaces$ Change history

 

4  Generic Virtualized Network Product (GVNP) class descriptionp. 8

4.1  Overviewp. 8

4.2  Minimum set of functions defining the GNP classp. 9

4.3  Generic virtualized network product modelp. 9

4.3.1  Introductionp. 9

4.3.2  Generic virtualized network product model of type 1p. 10

4.3.2.1  Description of the GVNP modelp. 10

4.3.2.2  Functions defined by 3GPPp. 10

4.3.2.3  Other functionsp. 10

4.3.2.4  Operating system (OS)p. 10

4.3.2.5  Interfacesp. 10

4.4  Scope of the present documentp. 11

4.4.1  Introductionp. 11

4.4.2  Scope regarding GVNP functions defined by 3GPPp. 11

4.4.3  Scope regarding other functionsp. 11

4.4.4  Scope regarding Operating System (OS)p. 11

4.4.5  Scope regarding hardwarep. 12

4.4.6  Scope regarding interfacesp. 12

5  Generic assets and threatsp. 12

5.1  Introductionp. 12

5.2  Critical assetsp. 12

5.2.1  Generic assets of GVNP for type 1p. 12

5.3  Threatsp. 12

5.3.1  Generic threats formatp. 12

5.3.2  Generic threats for GVNP of type 1p. 13

5.3.2.1  Introductionp. 13

5.3.2.2  Threats relating to 3GPP-defined interfacesp. 13

5.3.2.3  Threats relating to ETSI-defined interfacesp. 13

5.3.2.4  Spoofing identityp. 13

5.3.2.4.1  Default Accountsp. 13
5.3.2.4.2  Weak Password Policiesp. 14
5.3.2.4.3  Password peekp. 14
5.3.2.4.4  Direct Root Accessp. 14
5.3.2.4.5  IP Spoofingp. 14
5.3.2.4.6  Malwarep. 14
5.3.2.4.7  Eavesdroppingp. 14

5.3.2.5  Tamperingp. 14

5.3.2.5.1  Software Tamperingp. 14
5.3.2.5.2  Ownership File Misusep. 14
5.3.2.5.3  Boot tampering for GVNP of type 1p. 15
5.3.2.5.4  Log Tamperingp. 15
5.3.2.5.5  OAM traffic Tamperingp. 15
5.3.2.5.6  File Write Permissions Abusep. 15
5.3.2.5.7  User Session Tamperingp. 15

5.3.2.6  Repudiationp. 15

5.3.2.6.1  Lack of User Activity Tracep. 15

5.3.2.7  Information disclosurep. 15

5.3.2.7.1  Poor key generationp. 15
5.3.2.7.2  Poor key managementp. 15
5.3.2.7.3  Weak cryptographic algorithmsp. 15
5.3.2.7.4  Insecure Data Storagep. 15
5.3.2.7.5  System Fingerprintingp. 16
5.3.2.7.6  Malwarep. 16
5.3.2.7.7  Personal Identification Information Violationp. 16
5.3.2.7.8  Insecure Default Configurationp. 16
5.3.2.7.9  File/Directory Read Permissions Misusep. 16
5.3.2.7.10  Insecure Network Servicesp. 16
5.3.2.7.11  Unnecessary Servicesp. 16
5.3.2.7.12  Log Disclosurep. 16
5.3.2.7.13  Unnecessary Applicationsp. 16
5.3.2.7.14  Eavesdroppingp. 16
5.3.2.7.15  Security threat caused by lack of GVNP traffic isolationp. 16

5.3.2.8  Denial of Servicep. 16

5.3.2.9  Elevation of privilegep. 17

6  Generic assets and threats for network functions supporting SBA interfacesp. 17

$  Change historyp. 18

Up   Top