GM/T 0052-2016 English PDF (GMT0052-2016)
GM/T 0052-2016: Cryptographic equipment management - Monitoring management specification of VPN device

This standard specifies the monitoring management of VPN devices in important information systems and networks, in order to detect and locate illegal VPN devices in the network and to detect illegal operations of legal devices in use. This standard applies to the development and application of VPN device monitoring management systems and monitoring equipment. It can also be used to guide the detection of such monitoring equipment.
GM/T 0052-2016
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.: 58557-2017
Cryptographic equipment management -
Monitoring management specification of VPN device
ISSUED ON: DECEMBER 23, 2016
IMPLEMENTED ON: DECEMBER 23, 2016
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 3
Introduction .. 4
1 Scope .. 5
2 Normative references ... 5
3 Terms and definitions ... 5
4 Abbreviations .. 6
5 Monitoring management system of VPN device ... 7
5.1 Architecture ... 7
5.2 Functional requirements ... 7
5.3 Management application layer ... 8
5.4 Management platform layer .. 8
5.5 Monitoring equipment layer of VPN device .. 8
5.6 Secure communication ... 9
5.7 Monitoring management process of VPN device ... 10
6 Monitoring data collection rules for VPN devices .. 13
6.1 Filtering rules .. 13
6.2 Detection rules based on the IPSec VPN protocol .. 13
6.3 Detection rules based on the SSL VPN protocol ... 14
7 Monitoring management message definition of VPN device ... 15
7.1 Overview ... 15
7.2 Monitoring equipment configuration messages of VPN devices .. 17
7.3 Filtering rule messages ... 18
7.4 Monitoring equipment alert messages of VPN devices ... 19
Appendix A (Informative) XML definition example of message .. 22
A.1 XML definition of monitoring equipment configuration messages for VPN devices ... 22
A.2 XML definition of monitoring equipment filtering rule message of VPN devices ... 22
A.3 XML definition of monitoring equipment alert message of VPN devices ... 24
References ... 25
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.
GM/T 0052 Cryptographic equipment management - VPN device monitoring management specification is one of the cryptographic device management standards. This type of standard consists of a basic specification and a series of management application specifications, and currently includes:
- Basic specification: GM/T 0050 Cryptography device management - Equipment management technical specifications;
- Management application specification: GM/T 0051 Cryptography device management - Specifications of symmetric key management technology;
- Management application specification: GM/T 0052 Cryptographic equipment management - VPN device monitoring management specification;
- Management application specification: GM/T 0053 Cryptographic device management - Remote monitoring and compliance verification interface data specification.
Any contents of this standard related to cryptographic algorithms are implemented in accordance with the relevant national laws and regulations.
This Standard was proposed by and shall be under the jurisdiction of the Cryptography Industry Standardization Technical Committee.
Main drafting organizations of this Standard: Shanghai Information Security Engineering Technology Research Center, Shanghai Jiao Tong University School of Information Security, Shanghai Pengyue Jinghong Information Technology Development Co., Ltd., Shanghai Huatang Network Co., Ltd., Weishitong Information Industry Co., Ltd., Shanghai Tianrongxin Network Security Technology Co., Ltd., Shanghai Xinhao Information Technology Co., Ltd.
Main drafters of this Standard: Wang Hao, Tian Li, Zhou Zhihong, Huang Zhirong, Liao Wei, Zou Ru, Yuan Feng, Pan Shuyuan, Wang Hegang, Li Junshan, Zhang Yuanchen, Lv Mingzhong, Pan Limin, Li Gaojian.
Cryptographic equipment management -
Monitoring management specification of VPN device
1 Scope
This standard specifies the monitoring management of VPN devices in important information systems and networks, in order to detect and locate illegal VPN devices in the network and to detect illegal operations of legal devices in use. This standard applies to the development and application of VPN device monitoring management systems and monitoring equipment. It can also be used to guide the detection of such monitoring equipment.
2 Normative references
The following documents are essential to the application of this document. For dated references, only the version with the indicated date applies to this document; for undated references, only the latest version (including all amendments) applies to this standard.
GM/T 0022-2014 IPSec VPN technical specifications
GM/T 0024-2014 SSL VPN technical specifications
GM/T 0050-2016 Cryptography device management - Equipment management technical specifications
GM/T 0053-2016 Cryptographic device management - Remote monitoring and compliance verification interface data specification
3 Terms and definitions
The following terms and definitions apply to this document.
3.1
VPN device
Devices that use VPN technology to implement secure communication services in the network. The VPN devices in this standard refer to IPsec VPN and SSL VPN devices, including the network cryptographic machines
forensic analysis;
d) Maintain (add, change, and delete) a list of violation algorithms;
e) Maintain a list of filtered IP addresses and establish a white list mechanism;
f) Count the number of communications of VPN devices in the entire network;
g) Provide query and statistical analysis of historical data.
5.3 Management application layer
The management application involved in this standard is the monitoring management of VPN devices.
For the monitoring management of VPN devices, the system shall capture and inspect the data packets of the VPN key negotiation phase in order to analyze how VPN devices are used in the network, to raise alerts on illegal VPN devices, and to ensure the legal compliance of VPN devices.
5.4 Management platform layer
Requirements for the management platform layer follow clause 5.5 of GM/T 0050-2016.
5.5 Monitoring equipment layer of VPN device
The monitoring equipment of the VPN device is managed by the management agent and follows clause 5.6 of GM/T 0050-2016 and clauses 5.3 and 5.4 of GM/T 0053-2016.
The monitoring equipment of the VPN device is deployed at the entry/exit point of the monitored network. It performs monitoring management of all VPN devices in the network by means of bypass packet capture; it is responsible for receiving the policies and instructions issued by the management application layer through the equipment management platform and the security tunnel, parsing the instructions, and returning the results of their execution.
The logical structure of the VPN device monitoring equipment is shown in Figure 2.
parsing and operating in accordance with the instruction content.
The monitoring equipment of the VPN device is managed by the management agent. All messages between the VPN device and the equipment management platform are sent through the security tunnel. The message PDU and usage instructions of the security tunnel follow clause 6 of GM/T 0050-2016.
The information exchanged between the management application layer and the monitoring equipment of the VPN device covers two aspects:
a) Information reported by the monitoring equipment of the VPN device to the management application layer, including alert information about illegal VPN devices;
b) Information issued by the management application layer to the monitoring equipment of the VPN device, including the configuration information and filtering rule information of the monitoring equipment of the VPN device.
5.7 Monitoring management process of VPN device
The workflow of the monitoring management system is as follows:
a) Deploy the monitoring equipment of the VPN device at a network backbone node, initialize it, and configure the uplink IP address;
b) After the monitoring equipment of the VPN device is powered on, it automatically initiates a connection with the management application layer to perform identity authentication, including two-way IP binding and device ID authentication with the uplink device;
c) After the management application layer has authenticated the identity of the monitoring equipment of the VPN device, it performs the initial configuration of this monitoring equipment;
d) The monitoring equipment of the VPN device filters the captured data packets and collects the various types of VPN packets in accordance with the configuration rules;
e) Inspect the captured VPN packets; if the VPN device is on the white list according to its IP address, skip the follow-up inspection steps, since no further inspection is needed;
f) If the VPN device is not on the white list, extract the value of the cryptographic algorithm attribute (that is, the key algorithm attribute value of the first phase of the key exchange protocol); if the extraction fails, skip to step i);
g) Compare the extracted algorithm attribute values with the definitions of 6 Monitoring ...
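Steps e) to g) of the workflow above, as an added illustration that is not part of the standard: a white-list check by source IP, extraction of the phase-1 key algorithm attribute from a captured IKE key-exchange packet, and comparison against a violation-algorithm list. It assumes the attribute encoding of IKEv1 (RFC 2409) rather than the algorithm identifiers of GM/T 0022; the white list, the violation list and the sample packets are constructed here, and the outcome of step i) is not in the excerpt, so a failed extraction is only recorded as "unparsed".

```python
import struct

# Constructed policy tables; the real white list and violation-algorithm list
# are issued by the management application layer and are not in the excerpt.
WHITE_LIST = {"10.0.0.5"}
VIOLATION_ALGS = {"DES-CBC"}
# IKEv1 phase-1 attribute type 1 = encryption algorithm (RFC 2409 / IANA values)
ENC_ALG = {1: "DES-CBC", 5: "3DES-CBC", 7: "AES-CBC"}

def extract_phase1_enc_alg(ike_msg: bytes):
    """Encryption algorithm of the first transform in the first proposal of an
    IKEv1 phase-1 SA payload; None when the attribute cannot be extracted."""
    try:
        if len(ike_msg) < 28 or ike_msg[16] != 1:   # next payload 1 = SA
            return None
        p = 28 + 12                      # skip ISAKMP header, SA hdr+DOI+situation
        t = p + 8 + ike_msg[p + 6]       # first transform: skip proposal hdr + SPI
        end = t + struct.unpack_from("!H", ike_msg, t + 2)[0]
        a = t + 8                        # first data attribute
        while a + 4 <= end:
            atype, val = struct.unpack_from("!HH", ike_msg, a)
            a += 4
            if atype & 0x8000:           # TV form: val is the attribute value
                if (atype & 0x7FFF) == 1:
                    return ENC_ALG.get(val, f"unknown({val})")
            else:                        # TLV form: val is the value length
                a += val
        return None
    except (struct.error, IndexError):
        return None

def inspect(src_ip: str, ike_msg: bytes) -> str:
    """Steps e) to g) of clause 5.7 for one captured key-exchange packet."""
    if src_ip in WHITE_LIST:             # e) white-listed: skip further inspection
        return "whitelisted"
    alg = extract_phase1_enc_alg(ike_msg)
    if alg is None:                      # f) extraction failed: step i) is not in the
        return "unparsed"                #    excerpt, so only the disposition is recorded
    if alg in VIOLATION_ALGS:            # g) compare with the violation list
        return f"alert: violation algorithm {alg}"
    return f"compliant: {alg}"

def build_sample(enc_value: int) -> bytes:
    """Constructed minimal IKEv1 main-mode message: one SA, proposal, transform."""
    attrs = struct.pack("!HH", 0x8001, enc_value)          # TV: encryption algorithm
    transform = struct.pack("!BBHBBH", 0, 0, 8 + len(attrs), 1, 1, 0) + attrs
    proposal = struct.pack("!BBHBBBB", 0, 0, 8 + len(transform), 1, 1, 0, 1) + transform
    sa = struct.pack("!BBHII", 0, 0, 12 + len(proposal), 1, 1) + proposal
    hdr = struct.pack("!8s8sBBBBII", b"\x11" * 8, bytes(8), 1, 0x10, 2, 0, 0, 28 + len(sa))
    return hdr + sa
```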