Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
the minimal subset of security controls that have been identified by this study: VPN
encapsulation, packet filter, firewall, ASBR, high-assurance LAN, and QoS.
7. Existing airborne system assurance processes need to be extended to recognize that
networks are a complex integrated system with unique attributes. For example,
ARP 4754 processes need to recognize that networks are potentially hostile environments
and that humans are a constituent element within networked systems. Human access to
networks should not be solely equated to the humans who are authorized to access
airborne networks. Rather, it should also consider individuals who are only authorized to
access remote networks to which the airborne network is indirectly linked. If airborne
networks are directly or indirectly connected to the Internet, this means that over one
billion people can, in theory, access airborne networks. Consequently, the
processes need to be extended to address possible network attack threats upon the
integrity and availability of the system and its items. This requires an assured software
download process for airborne software using FIPS 186 (i.e., the U.S. Federal DSS [81]).
A secure mechanism that automatically verifies the continued integrity of deployed
airborne software items within airborne networks is also needed.
8. It is entirely appropriate to use CRCs as polynomial codes to assist in transmission bit
error detection and correction across networks and data buses. However, it is
inappropriate (and risky) to use CRCs for software identity and integrity protections
within networked environments. Rather, document and code-signing mechanisms
conforming to U.S. Federal DSS (FIPS 186, [81]) need to be used instead.
9. The networks of the NAS and the worldwide ground networks that communicate with
airborne networks need to be designed with an architecture and design that is consistent
with that used by airborne networks if the security and safety provisions of airborne
networks are to be preserved. Specifically, ground-based entities that communicate with
items or systems located within airborne network partitions (i.e., VPN enclaves) must
themselves be within the same VPN enclave network partition as the airborne systems
with which they communicate.
10. Items and systems that have been assured for stand-alone system deployments should be
reassured whenever they are deployed within networked environments in accordance
with extended airborne system assurance processes that support network deployments.
Former assurance results must be reassured (revalidated and reverified) on an entity-by-entity
basis before the device or software component is deployed in networked
environments.
11. Larger software implementations (i.e., large numbers of lines of code) pose certification
challenges for networked environments because of potential vulnerabilities to attack
caused by (possible) latent software bugs. Large software programs or applications are
more vulnerable in the general case because their large size increases the probability of
latent blemishes within the code that can be exploited by network attacks.