Auditing in TMF615 and its Benefits

MOHAMMED IBRAHIM ALEEM
www.wipro.com
ARCHITECT, WIPRO TECHNOLOGIES
Table of contents
02 Introduction
03 Auditing in TMF615 Specification
04 Security Breach – Problem Description
05 Problem Analysis using TMF615 Auditing
06 Finding the Login Account and User
07 Finding the Login and Logout Time
08 Gathering User Information
08 Checking the Account in the Target
08 Who Created the User?
09 What Were the Details of This Suspect User?
09 Who Created the Account?
10 Asynchronous Mode in Auditing
11 Conclusion
12 Appendix
12 References
12 Terms and Definitions
13 About the Author
Introduction
The TMF615 specification, published by the TM Forum, enables service providers to manage users centrally by defining an interface between the centralized and the local user management systems.
The TMF615 specification also has an exceptionally strong auditing feature, which provides a comprehensive mechanism to monitor all user and administrator activities in the service provider network. This auditing feature can be used effectively to monitor the security of the enterprise. This whitepaper lists the advantages of auditing in the TMF615 specification and explains, through scenarios, exactly how it can be used to resolve security issues.
Monitoring security breaches through TMF615 auditing helps create a compliant and risk optimized system that has a definite competitive advantage.
TM Forum, or the TeleManagement Forum, is an international association of industries that seeks to deal with the complex issues inherent in the business of service provision. Vendors subscribe to the standards, specifications and procedures directed by the TMF. Wipro has found it expedient to comply with TMF's guidelines to provide the best value to its customers. In this paper, we discuss the TMF615 specification in particular and how complying with it can help investigate and, thereby, minimize security risks.

Telecom service providers have long lived with the problem of provisioning and managing users and access rights across the various OSS (Operation Support System) products managing the network. To address this major issue, TM Forum has developed the TMF615 specification, which advocates managing the entire organization's user provisioning and auditing needs from a single place. In Wipro's own experience with telecom service providers, auditing with these specifications has been useful in detecting security threats and managing the network effectively.

The figure below gives an overview of the current problem pertaining to user provisioning in large service networks with multiple OSS vendor solutions.

[Figure: Process Flow of User Management in Heterogeneous Networks. Each OSS provider (1 to n) carries its own user management against the network.]
TMF615 Solution
The TMF615 specification details an interface which makes it possible for service providers to consistently provision telecom OSS operators' access rights and authorities across systems using a central user management system (UMS-C). The interface deals with the information exchange required between UMS-C and a local user management system (UMS-L), related to the provision of access rights, authorities and auditing. UMS-L is the local UM solution for the OSS, which is usually vendor specific. The TMF615 specification introduces the concepts of UMS-C and UMS-L and provides a Web Services based integration profile.

Following are some of the key advantages of TMF615:
• Centralized User Provisioning across the Network
• Ability of Service Provider to Define Roles
• Centralized User Auditing
• Significant Savings in terms of Money and Effort

Each administrator action at UMS-C results in a Simple Object Access Protocol (SOAP) over HTTP message arriving at UMS-L, which is processed based on the request type; the appropriate response is then sent back to UMS-C. The picture given below illustrates the process.

[Figure: TMF615 Compliant User Management. User access flows from the OSS providers (1 to n), each with its own UMS-L, to the network; the UMS-C talks to each UMS-L over WSDL/SOAP for user management.]
Auditing in TMF615 Specification
Auditing is absolutely necessary for any user management system to monitor the activities of provisioned users and administrators and to prevent misuse. The TMF615 specification supports two types of auditing.

Status Audit – This is mainly used to synchronize UMS-C and UMS-L with each other. It checks the user accounts and their authorities currently at UMS-L. Following are the Status Audit operations supported by the TMF615 specification:
• User Provisioning Information
• Target Account Information

Audit Trail – This deals with monitoring the activities of provisioned users over a period of time and is very critical to security. Reports which provide details on the user status and the actions performed can be generated. Following are the Audit Trail operations supported by the TMF615 specification:
• User Admin Operations
• User Provisioning Operations
• Target Admin Operations
• Targets Account Usage
• Targets Authorization Usage

For more information on the individual audit operations, please refer to the TMF615 specification document from TM Forum.

In the following chapters, we explain each of the advantages of auditing mentioned in the TMF615 specification. To make the benefits clearer, we consider a practical problem scenario and show how the different auditing features can be used for analysis and reporting.

Problem Description – Security Breach
A major problem faced by operators is the constant threat to security. A number of operators work round the clock to ensure that there is no loss of service to the subscribers while simultaneously ensuring that there is no loss of revenue data, which is a prerequisite for billing purposes. Each of these operators has a unique role and is dedicated to specific tasks like monitoring network events, faults etc. There are a number of applications which the operators use for effective monitoring and reporting purposes.

Typically, the operator who monitors the network is notified of many critical alarms indicating the loss of events from the network. This is quickly escalated to the network administrator. The network administrator, during his monitoring of the telecom network, discovers that the configuration of a critical section was radically changed, leading to a service outage for the end customers. This leads to a major management escalation as it causes a huge revenue leak and loss of credibility for the organization. The figure below depicts this problem.

[Figure: Security Breach – Network Configuration Change. A user with SSO access to the OSS pushes a configuration update to the network.]
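The Status Audit operations described above (User Provisioning Information on the UMS-C side, Target Account Information reported by a UMS-L) exist to keep the two systems synchronized, and the reconciliation they enable is what surfaces an account that lives only on a target. The following Python is an added example written for this edit, not code from the whitepaper, Wipro or TM Forum: the Account record, the role names, both data sets and the comparison logic are constructed assumptions, not the TMF615 message formats.

```python
"""Status Audit reconciliation between UMS-C's view and one UMS-L's report.
Added example with constructed data; the record shape is a simplification,
not a TMF615 message format."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    account_id: str
    target: str
    user_id: object          # None: the target reports no user behind this account
    roles: frozenset


def acct(account_id, target, user_id, *roles):
    return Account(account_id, target, user_id, frozenset(roles))


# Constructed: what UMS-C believes is provisioned (User Provisioning Information)
CENTRAL = [
    acct("acc-alice", "oss-fm", "alice", "Network Operator"),
    acct("acc-bob",   "oss-fm", "bob",   "Network Configurator"),
    acct("acc-carol", "oss-fm", "carol", "Network Operator"),
    acct("acc-dave",  "oss-pm", "dave",  "Network Operator"),
]
# Constructed: what the UMS-L of target oss-fm reports (Target Account Information)
LOCAL_OSS_FM = [
    acct("acc-alice", "oss-fm", "alice", "Network Operator"),
    acct("acc-bob",   "oss-fm", "bob",   "Network Configurator", "System Admin"),
    acct("acc-x17",   "oss-fm", None,    "Network Configurator"),   # dangling: no user
]

# Assumed set of roles that warrant immediate review when they drift
PRIVILEGED = {"Network Configurator", "System Admin"}


def reconcile(central, local, target):
    """Compare the central record of one target with the target's own report.
    Returns the three kinds of drift a Status Audit is meant to surface."""
    expected = {a.account_id: a for a in central if a.target == target}
    actual = {a.account_id: a for a in local if a.target == target}
    # on the target but not owned by UMS-C, or present with no user association
    dangling = [aid for aid, a in actual.items() if aid not in expected or a.user_id is None]
    # UMS-C expects the account, the target no longer has it
    missing = [aid for aid in expected if aid not in actual]
    # account known to both sides, but the authorities differ
    role_drift = {}
    for aid in expected.keys() & actual.keys():
        extra = actual[aid].roles - expected[aid].roles
        lacking = expected[aid].roles - actual[aid].roles
        if extra or lacking:
            role_drift[aid] = {"extra": sorted(extra), "lacking": sorted(lacking)}
    return {"dangling": sorted(dangling), "missing": sorted(missing), "role_drift": role_drift}


def privileged_findings(report, local):
    """Accounts whose drift involves a privileged role; these are reviewed first."""
    roles = {a.account_id: a.roles for a in local}
    flagged = {aid for aid in report["dangling"] if roles[aid] & PRIVILEGED}
    flagged |= {aid for aid, d in report["role_drift"].items() if set(d["extra"]) & PRIVILEGED}
    return sorted(flagged)


if __name__ == "__main__":
    report = reconcile(CENTRAL, LOCAL_OSS_FM, "oss-fm")
    for kind, value in report.items():
        print(f"{kind}: {value}")
    print("review first:", privileged_findings(report, LOCAL_OSS_FM))
```

Run against the constructed data, the report flags acc-x17 as dangling (an account on the target with no user behind it), acc-carol as missing on the target, and acc-bob as holding a System Admin authority that UMS-C never granted; the last two findings are the ones an administrator would want to see at the top of a Status Audit report.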
Problem Generation – How is the problem created?
The following diagram is a pictorial representation of how the administrator creates a new user. The user is added to the UMS-L which, in turn, updates the database store. Automatically, the OSS application is updated with the new user account along with its role.

[Figure: Sequence Diagram – Administrator Creates a New User. Participants: Admin, UMS-C, UMS-L, DataStore, Target/OSS Application. Messages: "Create New User", Create User and Accounts with Role(), Update DB(), AddUser().]

Subsequently, the new user logs in and updates the network configuration, creating the problem, as illustrated below.

[Figure: Sequence Diagram – User Changes the Network (Problem Creation). Participants: User, SSO Application, DataStore, Target/OSS, Network. Messages: Login(), Update DB(), Update Network Configuration(), Logout(), Update DB().]

In the final act, the user and its accounts are deleted by the administrator, as illustrated below.

[Figure: Sequence Diagram – Admin Deletes the User. Participants: Admin, UMS-C, UMS-L, DataStore, Target/OSS Application. Messages: "Delete User", Delete User and Accounts with Role(), Update DB(), Remove User().]
Problem Analysis – Using TMF615 Auditing
Ideally, the operators who were assigned the role of 'Network Configurators' (usually administrators or senior operators) could have carried out the network update activity. However, initial investigation revealed that none of them were actually present in the office when the security breach was suspected. The TMF615 Audit feature provides a good framework for tracking and locating the exact problem.

Following is a step-by-step procedure that can be followed by the auditor to resolve this specific issue. Note how, after every step, the auditor finds more critical information that helps him get to the root of the problem. All the steps have been mapped to audit functions mentioned under TMF615. The first task is to find the login account and user.

Finding the Login Account and User
The only information available to the auditor at this stage is that any operator who has been assigned the role of "Network Configurator" is capable of damaging the network. In order to find out which users/accounts were used with this role during that time period, the auditor can use the audit operation "Target Authorization Usage". This audit operation gives a list of all accounts (and their users) which possess the role "Network Configurators" and were active during the specified time period. Now, in this list, the auditor has to scan the accounts/users and find out the account used and the suspect user. After a brief analysis, the auditor isolates the account/user which seems to be dangling and does not actually belong to any of the existing operators or administrators.

Step: Finding the login account & user
Mapped to: Target Authorization Usage under TMF615
Process: Target Authorization Usage gives a list of all accounts (and their users)
Output: Suspect user & account ID

The next task is to locate the time period when the suspect account was actually used.
Finding the Login and Logout Time
In order to find the exact time slot when the suspect account was active, the auditor uses the audit operation "Target Account Usage". This audit operation gives the exact time slot, with login and logout time, during which this account was active. This establishes the user, the account and the time duration during which the damage was inflicted.

Step: Finding the login & logout time
Mapped to: Target Account Usage under TMF615
Process: Target Account Usage gives the exact time slot with login & logout time
Output: Time slot of the security breach
Gathering User Information
In order to gather all the details about the user, the auditor uses the audit operation "User Provisioning Information". This audit operation gives all the user details like accounts, roles and working schedule. However, it might happen that this audit operation does not yield any significant result: the "lookup user" operation reports that the user does not exist.

Step: Gathering user information
Mapped to: User Provisioning Information under TMF615
Process: User Provisioning Operations gives user details like accounts, role and working schedule
Output: User does not exist

Checking the Account in the Target
As the user is not found, the auditor tries to check if the account exists only on a target system without user association, like a dangling account. For this the auditor uses the audit operation "Target Account Information". This operation might not lead to any substantial information either. The auditor now believes that the problem in the network is not a mistake committed while using the tools but a clear case of intentional security breach.

Step: Checking account in the target
Mapped to: Target Account Information under TMF615
Process: Target Account Usage provides account information
Output: Suspect account does not exist on target

The next steps are crucial in locating the exact problem.
Below is a sequential illustration of the process by which the auditor is able to track down the user, account and time slot of the problem.

[Figure: Sequence Diagram – Auditor Locates Suspect User, Account & Time Slot of Problem Creation. Participants: Auditor, UMS-C, UMS-L, Datastore. 1.a–1.d Finding the login account and user via Target Authorization Usage(); 2.a–2.d Finding the login and logout time via Target Account Usage(); 3.a–3.d Gather all the user information via Users Provisioning Information(); 4.a–4.d Check the account in the target via Target Account Information(); each request is served at the Datastore by Get Role Usage Data().]
Who Created the User?
In order to determine who was responsible for creating the user, the auditor uses the audit operation "User Admin Operations" and specifies the time range in which the deed was committed. This audit operation gives a wealth of information to the auditor. It reveals that the suspected user was created and deleted after a short span of time. It also reveals crucial information about which of the existing administrators created it. The administrator can be identified using the request identifier at UMS-C.

Step: User creation
Mapped to: User Admin Operations under TMF615
Process: User Admin Operations provides information about the administrator who created the user
Output: Suspect account does not exist on target

What Were the Details of This Suspect User?
The auditor can use the audit operation "User Provisioning Operations" to determine the exact provisioning details of this user.

Step: Details of the suspect user
Mapped to: User Provisioning Operations under TMF615
Process: User Provisioning Operations provides provisioning details
Output: Provisioning details of the user
Who Created the Account?
Finally, in order to determine similar details for the account, the auditor uses the audit operation "Target Admin Operations" and specifies the time range. This step reveals that the suspected account was created and deleted after a short span of time. More importantly, the administrator responsible for creating it is identified. The administrator who is at the root of the problem is identified by using the advanced audit features supported by the TMF615 specification. Thus, the TMF615 specification succeeds in a situation that requires investigation into a security breach. Similarly, several other problems can also be identified and resolved using the TMF615 specification.

Step: Creator of the account
Mapped to: User Provisioning Operations under TMF615
Process: User Provisioning Operations provides provisioning details
Output: Provisioning details of the user
Below is a sequential illustration of how the auditor is able to isolate the details of the suspect user, account and administrator.

[Figure: Sequence Diagram – Auditor Gets Details about Suspect User, Account & Administrator. 5.a–5.d Who created the user? via User Admin Operation(), served by Get Admin Operation Data(); 6.a–6.d Get the details of this suspect user via Users Provisioning Operations(), served by Get History User Data(); 7.a–7.d Who created the account? via Target Admin Operations(), served by Get History Account Data().]
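The seven audit steps above, run end to end over a constructed audit trail, as an added example that is not code from the whitepaper, Wipro or TM Forum. The record layouts, every identifier (accounts, users, admin-2, request ids), the time windows and the lookup functions are assumptions made for this example; each function stands in for the response a UMS-C would obtain from a UMS-L through the TMF615 operation named in its comment.

```python
"""Auditor's procedure over a constructed audit trail (added example; record
shapes and identifiers are assumptions, not TMF615 message formats)."""
from datetime import datetime as dt

TRAIL = {
    # Target Authorization Usage: (account, user, role, target, active_from, active_to)
    "authorization_usage": [
        ("acc-bob",   "bob",   "Network Configurator", "oss-fm", dt(2011, 7, 4, 9, 0),   dt(2011, 7, 4, 17, 0)),
        ("acc-x17",   "u-x17", "Network Configurator", "oss-fm", dt(2011, 7, 4, 22, 10), dt(2011, 7, 4, 22, 40)),
        ("acc-alice", "alice", "Network Operator",     "oss-fm", dt(2011, 7, 4, 21, 0),  dt(2011, 7, 5, 6, 0)),
    ],
    # Target Account Usage: (account, target, login, logout)
    "account_usage": [
        ("acc-bob", "oss-fm", dt(2011, 7, 4, 9, 2),   dt(2011, 7, 4, 16, 55)),
        ("acc-x17", "oss-fm", dt(2011, 7, 4, 22, 12), dt(2011, 7, 4, 22, 38)),
    ],
    # User Provisioning Information: users UMS-C currently knows, with their schedule
    "provisioning_info": {"alice": {"schedule": "night"}, "bob": {"schedule": "day"}},
    # Target Account Information: accounts currently present on each target
    "target_account_info": {"oss-fm": {"acc-alice", "acc-bob"}},
    # User Admin Operations: (timestamp, admin, request_id, operation, user)
    "user_admin_ops": [
        (dt(2011, 7, 4, 21, 50), "admin-2", "req-1041", "createUser", "u-x17"),
        (dt(2011, 7, 4, 22, 55), "admin-2", "req-1042", "deleteUser", "u-x17"),
    ],
    # User Provisioning Operations: (timestamp, request_id, user, provisioning details)
    "user_provisioning_ops": [
        (dt(2011, 7, 4, 21, 50), "req-1041", "u-x17", {"roles": ["Network Configurator"], "targets": ["oss-fm"]}),
    ],
    # Target Admin Operations: (timestamp, admin, request_id, operation, account, target)
    "target_admin_ops": [
        (dt(2011, 7, 4, 21, 51), "admin-2", "req-1041", "createAccount", "acc-x17", "oss-fm"),
        (dt(2011, 7, 4, 22, 56), "admin-2", "req-1042", "deleteAccount", "acc-x17", "oss-fm"),
    ],
}


def overlaps(start, end, window):
    return start < window[1] and end > window[0]


def within(ts, window):
    return window[0] <= ts <= window[1]


def target_authorization_usage(trail, role, target, window):
    return [(a, u) for a, u, r, t, s, e in trail["authorization_usage"]
            if r == role and t == target and overlaps(s, e, window)]


def target_account_usage(trail, account, window):
    return [(s, e) for a, _, s, e in trail["account_usage"] if a == account and overlaps(s, e, window)]


def user_admin_operations(trail, user, window):
    return [r for r in trail["user_admin_ops"] if r[4] == user and within(r[0], window)]


def user_provisioning_operations(trail, user, window):
    return [r for r in trail["user_provisioning_ops"] if r[2] == user and within(r[0], window)]


def target_admin_operations(trail, account, window):
    return [r for r in trail["target_admin_ops"] if r[4] == account and within(r[0], window)]


def investigate(trail, role, target, breach_window, admin_window):
    # Step 1: everyone who held the role on the target during the breach window
    candidates = target_authorization_usage(trail, role, target, breach_window)
    # a dangling account is one whose user is absent from User Provisioning Information
    suspects = [(a, u) for a, u in candidates if u not in trail["provisioning_info"]]
    if len(suspects) != 1:
        return {"suspects": suspects}          # nothing isolated, or more than one: stop here
    account, user = suspects[0]
    user_ops = user_admin_operations(trail, user, admin_window)          # Step 5
    acct_ops = target_admin_operations(trail, account, admin_window)     # Step 7
    # the request identifier at UMS-C ties the user operation to the account operation
    shared_requests = sorted({r[2] for r in user_ops} & {r[2] for r in acct_ops})
    return {
        "suspects": suspects,
        "sessions": target_account_usage(trail, account, breach_window),               # Step 2
        "user_exists": user in trail["provisioning_info"],                             # Step 3
        "account_on_target": account in trail["target_account_info"].get(target, set()),  # Step 4
        "user_admin_ops": user_ops,
        "provisioning": user_provisioning_operations(trail, user, admin_window),       # Step 6
        "account_admin_ops": acct_ops,
        "creators": sorted({r[1] for r in user_ops + acct_ops if r[3].startswith("create")}),
        "shared_request_ids": shared_requests,
    }


# Constructed windows: the outage hour, and the wider span in which admin actions are searched
BREACH = (dt(2011, 7, 4, 22, 0), dt(2011, 7, 4, 23, 0))
ADMIN_WINDOW = (dt(2011, 7, 4, 20, 0), dt(2011, 7, 5, 0, 0))
RESULT = investigate(TRAIL, "Network Configurator", "oss-fm", BREACH, ADMIN_WINDOW)

if __name__ == "__main__":
    for key, value in RESULT.items():
        print(f"{key}: {value}")
```

The request identifier is the pivot of the last three steps: the same id on the createUser and createAccount records is what ties the user and the account to one administrator action, which mirrors the remark above that the administrator can be identified using the request identifier at UMS-C. Steps 3 and 4 returning "does not exist" is the expected negative result for a dangling account, so the procedure reports it rather than treating it as an error.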
Future Challenges: Asynchronous Mode in Auditing
The only aspect of auditing that TMF615 leaves unresolved is the asynchronous mode of auditing. This, however, is a challenge for the future. As depicted in the illustration below, the asynchronous mode of auditing allows the UMS-L to collect auditing data regularly and send the reports to UMS-C. Such reports are extremely useful to the administrator in managing and monitoring OSS security effectively.

[Figure: Sequence Diagram – Asynchronous Mode in Auditing. Participants: Admin, UMS-C, UMS-L, DataStore, Target/OSS Application. Messages: "Create New Auditing Request", Activate Auditing Log Collection(), Enable Auditing(), Update DB(), then repeated rounds of Collect Audit Data() and Auditing Report.]
Compliant and Risk Optimized Solution
TMF615 is specifically geared towards enhancing the efficiency of a system, focusing on the security threats that plague modern organizations and systems. Systematic investigation of security breaches results in compliant and risk optimized solutions that have a distinct competitive advantage. Given this benefit, it is only a question of time before more telecom service providers adopt the TMF615 specification to ward off security threats and manage their systems more effectively.
Conclusion
It is clear that TMF615 supported auditing delivers huge benefits to service providers. Auditing can also be managed completely at the UMS-C, if it captures all the user provisioning data sent to the UMS-Ls. The major advantages of TMF615 are:
• Centralized management of all operators in the service provider network
• Single sign on/off can be realized quickly through proper integration with the TMF614 specification
• Increased security with the auditing feature
• Increased security due to proper management of operator permissions and schedules
• Faster user provisioning and increased automation leading to considerable cost benefits

The following future improvements are being considered for enterprise security at TM Forum:
• Asynchronous operations support
• Enhanced error reporting
• More information for operators relating to integration and migration to TMF615/TMF614 and SCA standards
• Specific ongoing work in order to standardize audit through "Security Compliance Audit Automation (SCA)"

Despite these improvements suggested for the future, TMF615 is definitely geared towards creating compliant and risk optimized systems. Telecom service providers would have a competitive edge were they to adopt this solution for their systems.
Appendix

References
• TM Forum. TMF615 Specification. Website: http://www.tmforum.org/InformationAgreements/TMF615TelecomOSS/37358/article.html
• Unified Modeling Language (UML). Website: http://www.omg.org/spec/UML/
• World Wide Web Consortium (W3C). SOAP 1.2 Specification. Website: http://www.w3.org/TR/soap12
• World Wide Web Consortium (W3C). WSDL 2.0 Specification. Website: http://www.w3.org/TR/wsdl20
• SPML 2.0 Specification. Website: www.oasis-open.org/specs/

Terms and Definitions
• eTOM – enhanced Telecom Operation Map
• NE – Network Element
• OASIS – Advancing Open Standards for the Information Society
• OS – Operating System
• OSS – Operation Support System
• SOAP – Simple Object Access Protocol
• SSO – Single Sign On
• TMF – TeleManagement Forum
About the Author
Mohammed Ibrahim Aleem is an Architect working with Wipro's Global Media and Telecom division. He has extensive experience in architecting, designing and providing consultancy for telecom OSS solutions. He is a specialist in the areas of identity management and security. He has been involved with many telecom solution implementations and consulting assignments and is well aware of the processes, standards and best practices involved. He is an active member of the Enterprise Security Group at TM Forum and is working closely towards the development of user management and single sign on/off standards.
Wipro in Media & Telecom
Wipro Global Media and Telecom is the newly formed SBU which combines Telecom Equipment Vendors (TEV), Global Communications Service
Providers (GCSP) and Media & OTT business units globally. Wipro is a strategic partner across the digital supply chain starting from content creation to
content consumption and uniquely positioned to address Digital transformation and help organizations Do Business Better in a Digital World. Wipro’s
vertically aligned business model gives a deep understanding of customers’ businesses to build industry specific solutions, while technology service lines
provide the ability to design new solutions on emerging technologies delivering winning business outcomes.
About Wipro Technologies
Wipro Technologies, the global IT business of Wipro Limited (NYSE:WIT) is a leading Information Technology, Consulting and Outsourcing company,
that delivers solutions to enable its clients do business better. Wipro Technologies delivers winning business outcomes through its deep industry
experience and a 360 degree view of “Business through Technology” – helping clients create successful and adaptive businesses. A company
recognised globally for its comprehensive portfolio of services, a practitioner’s approach to delivering innovation and an organization wide commitment
to sustainability, Wipro Technologies has over 120,000 employees and clients across 54 countries.
For more information, please visit www.wipro.com or info@wipro.com
DO BUSINESS BETTER
WWW.WIPRO.COM
NYSE: WIT | OVER 120,000 EMPLOYEES | 54 COUNTRIES | CONSULTING | SYSTEM INTEGRATION | OUTSOURCING
WIPRO TECHNOLOGIES, DODDAKANNELLI, SARJAPUR ROAD, BANGALORE - 560 035, INDIA TEL : +91 (80) 2844 0011, FAX : +91 (80) 2844 0256, email : info@wipro.com
North America South America Canada United Kingdom Germany France Switzerland Poland Austria Sweden Finland Benelux Portugal Romania Japan Philippines Singapore Malaysia Australia
© Copyright 2011. Wipro Technologies. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without express written permission from Wipro Technologies. Specifications subject to change without notice. All other trademarks mentioned herein are the property of their respective owners.
IND/UNPL/JULY2011-DEC2011