Using ITU-T X.805 for comprehensive network security assessment and planning

In the wake of recent events, network security and reliability have become top issues for service providers and enterprises. The worldwide cost of cyber attacks is estimated to have been in the 145 billion dollar range for 2003. 2003 was also regarded as the "worst year ever" for computer viruses and worms; in 2001 the Code Red worm took several days to create widespread damage, whereas Slammer in 2003 had significant impact in just minutes. Over 90% of network attacks resulting in significant financial loss originate from inside a network's perimeter. Unfortunately, there appears to be no end in sight to these threats to network security; in fact, there is an increasing trend of attacking financial resources in addition to computing resources. The newly ratified ITU-T Recommendation X.805 "security architecture for systems providing end-to-end communications" was developed as the framework for the architecture and dimensions in achieving end-to-end security of distributed applications. It provides a comprehensive, multilayered, end-to-end network security framework across eight security dimensions in order to combat network security threats. We introduce the X.805 standard and describe how it can be applied to all phases of a network security program. We also provide examples of the business impact of network security vulnerabilities and the application of X.805 for network security assessments. Enterprises and service providers alike should use X.805 to provide a rigorous approach to network security throughout the entire lifecycle of their security programs.