Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
(see section 9.10). A secure mechanism to associate software versions with appropriate
target devices within aircraft also needs to be established that has viable integrity and
nonrepudiation attributes. The software that is stored within the authoritative storage
facility needs to be digitally signed in accordance with the U.S. Federal DSS (FIPS
Publication 186) by an individual authorized to sign aircraft software. The secure
software download system also includes provisions to ensure that mandatory onboard
aircraft procedures verify that the received software has been signed by an authorized
individual and that the software has not been modified subsequent to signing (i.e.,
software integrity and authorization protections) as a prerequisite for deploying the
software within aircraft.
• Software, after it has been securely installed upon aircraft, must undergo frequent (e.g.,
potentially several times an hour) integrity verification checks to verify that the currently
installed software is what it purports to be and that it has not been clandestinely replaced
by a Trojan horse or other unauthorized software variant. There are a number of
mechanisms by which such tests may be accomplished, including Tripwire mechanisms
[94]. It is important that the onboard integrity verification procedures themselves be
designed to be as impervious as possible to compromise from network attacks.
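
A sketch of the kind of periodic integrity check the bullet above describes, added here as an illustration; it is not code from the report and not Tripwire itself. It assumes a SHA-256 baseline of the installed files sealed with an HMAC key, where the HMAC stands in for whatever protection the baseline receives; the file names, contents and key are constructed.

```python
import hashlib, hmac, json, os, tempfile

def hash_tree(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def seal_baseline(digests, key):
    """Serialize the baseline and tag it so edits to the baseline itself are detectable."""
    body = json.dumps(digests, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def verify_install(root, body, tag, key):
    """Compare installed files with the sealed baseline; raise if the baseline is not authentic."""
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).hexdigest(), tag):
        raise ValueError("baseline failed authentication")
    baseline, current = json.loads(body), hash_tree(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "unexpected": sorted(p for p in current if p not in baseline),
    }

def write(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)

def demo():
    key = b"constructed-demo-key"  # assumption: kept where network-facing code cannot read it
    with tempfile.TemporaryDirectory() as root:
        write(root, "fms.bin", b"load A")      # constructed file names and contents
        write(root, "cabin.cfg", b"mode=1")
        body, tag = seal_baseline(hash_tree(root), key)
        clean = verify_install(root, body, tag, key)
        write(root, "fms.bin", b"load B")      # software replaced after installation
        write(root, "extra.bin", b"x")         # file that was never in the baseline
        os.remove(os.path.join(root, "cabin.cfg"))
        return clean, verify_install(root, body, tag, key)

if __name__ == "__main__":
    print(demo())
```

The check refuses to report on a baseline whose tag does not verify, so an attacker who can rewrite the stored digests cannot make replaced software appear clean without also holding the key.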
The second secondary effect is to supplement the current certification policy by introducing a
wide range of penetration tests upon the actual completed airborne system. These tests should
systematically address the capabilities of the network airborne deployment system under
evaluation, which includes its security controls, to withstand the range of attack vectors that are
described in appendix A. These tests will hopefully identify latent vulnerabilities within the
proposed networked system itself that need to be fixed as a condition for becoming approved.
While such testing cannot provide assurance guarantees, it can identify specific areas needing
additional attention.
“Operational system security testing should be integrated into an organization’s
security program. The primary reason for testing an operational system is to
identify potential vulnerabilities and repair them prior to going operational. The
following types of testing are described: network mapping, vulnerability
scanning, penetration testing, password cracking, log review, integrity and
configuration checkers, malicious code detection, and modem security. …
Attacks, countermeasures, and test tools tend to change rapidly and often
dramatically. Current information should always be sought.” [41]
A related topic is that the worldwide civil aviation community needs to identify common
solutions for identity (section 4.8), IP addressing (sections 5.3 and 5.4), naming (see footnote 30), routing
(section 5.5), protocol security (section 4.5), and authentication (section 4.9) subsystems. These
common approaches need to be realized by consistent technology and configuration choices that
produce a coherent worldwide civil aviation network infrastructure. These important technical

Footnote 30: Because airborne naming issues are common to naming issues present elsewhere in the Internet, this study did
not specifically discuss naming. Readers who are unfamiliar with Internet naming are encouraged to learn about
the DNS protocol (see RFC 2535).