APT report on type approval and test of information technology equipment



Date: 13.06.2017

IMIX Latency

The results of the IMIX latency test are presented in Figure and Table .

Figure - Latency with IMIX Traffic Test Chart



Table - Latency with IMIX Traffic Test Details

| Min Latency | Avg. Latency | Max Latency | Min Jitter | Avg. Jitter | Max Jitter |
|---|---|---|---|---|---|
| 16.73 | 202.144 | 2113.36 | 0 | 9.486 | 1219.11 |

      1. IMIX Frame Loss

The results of the IMIX frame loss test are presented in Table .

Table - Frame Loss Details

| iMIX Distribution | Intended Load (%) | Offered Load (%) | Min Frame Loss (%) |
|---|---|---|---|
| Default | 100 | 100 | 60.62 |
| Default | 50.5 | 50.88 | 22.64 |




      1. Maximum Capacity

In this test we evaluate the following performance measures:

  • Concurrent TCP Connection Capacity: The maximum number of concurrent TCP connections supported through the DUT, as defined in RFC 2647. This test is intended to find the maximum number of entries the DUT can store in its connection table.

  • Maximum TCP Connections Per Second (Maximum TCP Connection Establishment Rate): The maximum TCP connection establishment rate through or with the DUT, as defined by RFC 2647. This test is intended to find the maximum rate at which the DUT can update its connection table.

  • Maximum HTTP Transactions Per Second (Maximum HTTP Transaction Rate): The maximum transaction rate the DUT can sustain. This test is intended to find the maximum rate at which users can access objects.

The results of this test on our sample firewall are shown in Table

Table - Maximum Capacity Results

| Test Name | Result |
|---|---|
| Concurrent TCP Connection Capacity | 750,000 |
| Maximum TCP Connections Per Second | 28,528 |
| Maximum HTTP Transactions Per Second | 40,000 |




    1. Security Features

The security features include:

  • Baseline Policy: Route traffic from one port to another, e.g., route LAN traffic to WAN.

  • Logging: Log security events such as denied connections, detected attacks, etc.

  • Packet filtering: Filter packets based on security rules, such as filtering by destination IP and port, source IP, etc.

  • IP Address Spoofing Protection: An attacker on the external network may try to access the internal network by spoofing an internal IP address.

  • SYN Flood Protection: The DUT is expected to protect itself and internal servers against SYN flood attack.

The sample firewall has all the above four features. (Table )

Table - Security Features

| Test Name | Result |
|---|---|
| Baseline Policy | PASS |
| Logging | PASS |
| SYN Flood Protection | PASS |
| IP Address Spoofing Protection | PASS |
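
As an added illustration (not part of the report or its test tooling), the Python below shows how a tester could derive a PASS/FAIL verdict for the IP Address Spoofing Protection check, together with the Logging requirement, from the DUT's logs. The log format, interface names, internal prefixes and function names are assumptions made for this example.

```python
import ipaddress

# Assumed topology (not from the report): internal LAN prefixes behind the DUT.
INTERNAL_NETS = [ipaddress.ip_network("192.168.10.0/24"),
                 ipaddress.ip_network("10.20.0.0/16")]

# Constructed DUT log lines: "<ingress-iface> <src-ip> <dst-ip> <action>"
SAMPLE_LOG = """\
wan 203.0.113.7 192.168.10.5 allow
wan 192.168.10.44 192.168.10.5 deny
lan 192.168.10.9 198.51.100.20 allow
wan 10.20.3.1 192.168.10.5 deny
"""

def is_spoofed(iface, src):
    """A packet arriving on the external port must not claim an internal source."""
    addr = ipaddress.ip_address(src)
    return iface == "wan" and any(addr in net for net in INTERNAL_NETS)

def spoofing_verdict(log_text, expected_spoofed):
    """Return (verdict, leaked_lines) for the spoofing-protection test.

    expected_spoofed is the number of spoofed packets the tester injected.
    The DUT passes only if every one of them was logged and none was allowed.
    """
    logged = 0
    leaked = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        iface, src, _dst, action = line.split()
        if is_spoofed(iface, src):
            logged += 1
            if action != "deny":
                leaked.append(line)  # spoofed packet crossed the DUT
    # Fewer log entries than injected packets means the Logging
    # requirement was not met, even if nothing leaked.
    if leaked or logged < expected_spoofed:
        return "FAIL", leaked
    return "PASS", leaked

if __name__ == "__main__":
    print(spoofing_verdict(SAMPLE_LOG, expected_spoofed=2))
```
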

  1. Security Evaluation Criteria

The three main tests for security device evaluation are performance, security characteristics and reactions to attacks. The evaluation should be performed based on the results of all these tests.

Table shows the classification of security devices based on performance measures. The performance measures include throughput, Concurrent TCP Connections, maximum TCP connections and maximum HTTP transaction rate. The tested device is considered to be in one of the categories A, B, C, D or F (fail) according to these measures.


Table - Network Security Device Classification based on Performance Measure Percentage

Performance Measure Percentage:

|  | A | B | C | D | F |
|---|---|---|---|---|---|
| Firewall | 95% | 85% | 75% | 65% | less than 65% |
| IPS/IDS | 90% | 80% | 70% | 60% | less than 60% |

Table presents, as an initial suggestion, the minimum required criteria for network security device evaluation. These criteria are based on security characteristics and reactions to attacks tests. The criteria mentioned in Table include:



  • Baseline Policy: Considering that firewall and IPS are active network devices, they ought to have basic routing capability. However, an IDS is a passive device that only monitors the passing traffic so it does not need to have this capability.

  • Logging: All security devices should be able to log security events for further analysis. Other activities, such as users logging in to the system or configuration changes, are readily observable through system logs.

  • Packet Filtering Protection: Regarding the functionality of IPS and firewall, they have to be able to perform packet filtering based on security policies.

  • IP Spoofing Protection: As the security policies of IPS and firewall are usually expressed with IP addresses, devices should be able to detect IP spoofing for accurate policy application.

  • SYN Flood Attack Protection: IPS and firewall should be able to detect and prevent SYN flooding, since they cannot accept new connections in the presence of a SYN flooding attack.

  • Attack Detection and Prevention: Attack detection and attack detection/prevention are the main jobs of IDS and IPS respectively.


Table - Minimum Required Criteria for Network Security Devices

Column groups: Security Characteristics; Reactions to Attacks

| Device | Baseline Policy | Logging | Packet Filtering | IP Spoofing | SYN Flood Attack | Attack Detection | Attack Prevention |
|---|---|---|---|---|---|---|---|
| Firewall |  |  |  |  |  | - | - |
| IDS | - |  | - | - | - | - | - |
| IPS |  |  |  |  |  |  |  |


8. Conclusion

As IT equipment is widely used in fields that may impact communication infrastructure, devices, the environment or the lives of users, we think that new regulations should be defined and applied to it. These regulations must not only take into consideration traditional radio communication standards (such as SAR, EMC, EMI, safety) but should also look at performance or security issues as well as the green environment. In this study we categorized IT equipment, surveyed different applicable standards, and proposed several draft criteria for some specific network and security devices. We think that this is the beginning of a challenging though interesting international effort and cooperation for proposing best practices for such regulations. We hope that this work will encourage more people to contribute to the definition of new and suitable IT equipment Type Approval and test standards.





1 Digital Subscriber Line Access Multiplexer

