Presentation is loading. Please wait.

Presentation is loading. Please wait.

Operational Security Capabilities for IP Network Infrastructure

Published byClaud Woods Modified over 8 years ago

Similar presentations

Presentation on theme: "Operational Security Capabilities for IP Network Infrastructure"— Presentation transcript:

1 Operational Security Capabilities for IP Network Infrastructure
OPSEC WG _______ Operational Security Capabilities for IP Network Infrastructure IETF #61 IETF-61 OPSEC WG

2 Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an "IETF Contribution". Such statements include oral statements in IETF sessions, as well as written and electronic communications made at any time or place, which are addressed to: the IETF plenary session, any IETF working group or portion thereof, the IESG, or any member thereof on behalf of the IESG, the IAB or any member thereof on behalf of the IAB, any IETF mailing list, including the IETF list itself, any working group or design team list, or any other list functioning under IETF auspices, the RFC Editor or the Internet-Drafts function All IETF Contributions are subject to the rules of RFC 3667 and RFC 3668. Statements made outside of an IETF session, mailing list or other function, that are clearly not intended to be input to an IETF activity, group or function, are not IETF Contributions in the context of this notice. Please consult RFC 3667 for details. IETF-61 OPSEC WG

3 Front Administrativia
Note scribe. Jabber scribe (opsec) ietfxmpp.org When speaking: Please identify yourself (for the scribes) Don’t mumble IETF-61 OPSEC WG

4 Agenda 1. Agenda bashing. 2. The Charter. [ Pat/Ross]
< 3. The Framework Doc. <draft-jones-opsec-framework-01.txt> * Overview (George) * Threats (Merike) 4. The Standards Survey Doc. <draft-lonvick-sec-efforts-01.txt> 5. The Survey of Service Provider Security Practices Doc. [ Merike ] 6. Go home. IETF-61 OPSEC WG

5 Charter: Scope The working group will list capabilities appropriate for devices used in: * Internet Service Provider (ISP) Networks * Enterprise Networks The following areas are excluded: * Wireless devices * Small-Office-Home-Office (SOHO) devices * Security devices (firewalls, Intrusion Detection Systems, Authentication Servers) * End Hosts The plan is to have multiple small documents IETF-61 OPSEC WG

6 Charter: Outputs Framework Document Current Practices Document
The plan, scope, etc Current Practices Document * threats addressed, * current practices for addressing the threat, * protocols, tools and technologies extant at the time of writing Individual Capability Documents The detail for the various categories Profile Documents IETF-61 OPSEC WG

7 Profiles/Capabilities in Charter
ISP Operational Security Capabilities Profile Enterprise Operational Security Capabilities Profile Capabilities: Packet Filtering Event Logging In-Band management Out-of-Band management Configuration and Management Interface Authentication, Authorization and Accounting (AAA) Documentation and Assurance Miscellaneous IETF-61 OPSEC WG

8 Charter-related issues
There are a lot of documents The document tradeoff: One really big on versus many tiny ones. We need lots of editors  IETF-61 OPSEC WG

9 Framework Doc <draft-jones-opsec-framework-01.txt>
Specified in charter IETF-61 OPSEC WG

10 OPSEC Working Group Framework Document
George Jones November 9, 2004 IETF-61 OPSEC WG

11 Framework Overview + Framework defines docs, work, scope, threats, attacks, etc. + Standards Survey surveys related work (Chris) + Operator Practices Survey lists current practices (Merike) + Capability docs list capabilities to support current and future practices. IETF-61 OPSEC WG

12 - Framework Changes in -01:
+ Attacks/Threat Model (Merike) + 1,$s/Requirements/Capabilities/g - Framework Changes for -02 ? + Need to correlate charter and framework document lists. + Drop list of documents from framework ? + Need to clarify intended status of documents. + Reduce # of documents ? IETF-61 OPSEC WG

13 Standards Efforts <draft-lonvick-sec-efforts-01.txt>
Not currently a workgroup document Should it be? IETF-61 OPSEC WG

14 Survey of Current Practices
<no-draft-yet> Specified in charter IETF-61 OPSEC WG

15 Table of Contents IETF-61 OPSEC WG 1. Introduction
2. Problem Statement 3. Device Access Security 3.1 Threat Description 3.2 Best Current Practice Logical access Console Access HTTP SNMP 4. Authentication / Authorization 4.1 Threat Description 4.2 Best Current Practice Device Access Routing MAC Address 5. Filtering 5.1 Threat Description 5.2 Best Current Practice General Inbound Traffic Filters General Outbound Traffic Filters Device Access Filters Route Filters MAC Address Filters DoS Mitigation Filtering SinkHole / Blackhole uRPF 6. Logging (accounting) 6.1 Threat Description 6.2 Best Current Practice What traffic is logged What fields are logged How long are logs kept Local buffer vs syslog (for backup info) Authentication from peer to peer of log files? Integrity check of log files? NTP source considerations 7. Device Integrity 7.1 Threat Description 7.2 Best Current Practice Device Image Upgrade Device Configuration Management/Logging Information 8. Specific Protocol/Service Concerns 8.1 Threat Description 8.2 Best Current Practice ICMP Generally Unused Services 9. Policy/Procedural Considerations 9.1 Threat Description 9.2 Best Current Practice Equipment Software Update Equipment Configuration Change IETF-61 OPSEC WG

16 Discussion/Administratia
Time for Discussion Maillist: General Discussion: To Subscribe: In Body: subscribe Archive: IETF-61 OPSEC WG

Download ppt "Operational Security Capabilities for IP Network Infrastructure"

Similar presentations

IETF Calsify.

IETF Calsify.
1 ISMS WG 79th IETF Beijing November 10, 2010 Goal:Creating a security model for SNMPv3 that will meet the security and operational needs of network administrators.

1 ISMS WG 79th IETF Beijing November 10, 2010 Goal:Creating a security model for SNMPv3 that will meet the security and operational needs of network administrators.
PPSP WG IETF-80, Prague, March 28, 2011 Chairs: Yunfei Zhang Cullen Jennings Jabber:

PPSP WG IETF-80, Prague, March 28, 2011 Chairs: Yunfei Zhang Cullen Jennings Jabber:
IETF 64 P2PSIP AdHoc Meeting Remembrance Day November 11, 2005 Vancouver, BC, Canada David A. Bryan.

IETF 64 P2PSIP AdHoc Meeting Remembrance Day November 11, 2005 Vancouver, BC, Canada David A. Bryan.
L2VPN WG “NVO3” Meeting IETF 82 Taipei, Taiwan. Agenda Administrivia Framing Today’s Discussions (5 minutes) Cloud Networking: Framework and VPN Applicability.

L2VPN WG “NVO3” Meeting IETF 82 Taipei, Taiwan. Agenda Administrivia Framing Today’s Discussions (5 minutes) Cloud Networking: Framework and VPN Applicability.
Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.

Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.
PPSP Working Group IETF-89 London, UK 16:10-18:40, Tuesday, 2014-3-4 Webex:http://www.ietf.org/meeting/89/remote- participation.html.

PPSP Working Group IETF-89 London, UK 16:10-18:40, Tuesday, Webex: participation.html.
CCAMP Working Group Online Agenda and Slides at: Tools start page:

CCAMP Working Group Online Agenda and Slides at: Tools start page:
DRINKS Interim („77.5“) Reston, VA 05.05.2010. Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF.

DRINKS Interim („77.5“) Reston, VA Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF.
IETF 90: NetExt WG Meeting. Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet- Draft.

IETF 90: NetExt WG Meeting. Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet- Draft.
Multiple Interfaces (MIF) WG IETF 78, Maastricht, Netherlands Margaret Wasserman Hui Deng

Multiple Interfaces (MIF) WG IETF 78, Maastricht, Netherlands Margaret Wasserman Hui Deng
Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.

Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.
DISPATCH WG: ad hoc meeting on DREGS IETF-76 Mary Barnes (Dispatch WG co-chair) Eric Burger (ad hoc chair) 12 November 20091 DREGS ad hoc (DISPATCH) IETF.

DISPATCH WG: ad hoc meeting on DREGS IETF-76 Mary Barnes (Dispatch WG co-chair) Eric Burger (ad hoc chair) 12 November DREGS ad hoc (DISPATCH) IETF.
SIPCLF Working Group Spencer Dawkins Theo Zourzouvillys IETF 76 – November 2009 Hiroshima, Japan.

SIPCLF Working Group Spencer Dawkins Theo Zourzouvillys IETF 76 – November 2009 Hiroshima, Japan.
IETF-63 OPSEC WG OPSEC WG _______ Operational Security Capabilities for IP Network Infrastructure IETF #65 - Dallas.

IETF-63 OPSEC WG OPSEC WG _______ Operational Security Capabilities for IP Network Infrastructure IETF #65 - Dallas.
IETF #82 DRINKS WG Meeting Taipei, Taiwan Fri, Nov 18 th 2011 0.

IETF #82 DRINKS WG Meeting Taipei, Taiwan Fri, Nov 18 th
HIP Working Group IETF 62 Gonzalo Camarillo David Ward.

HIP Working Group IETF 62 Gonzalo Camarillo David Ward.
1 NOTE WELL Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.

1 NOTE WELL Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.
Multi6 Working Group IETF-61, Washington D.C November 8-12, 2004.

Multi6 Working Group IETF-61, Washington D.C November 8-12, 2004.
GROW IETF 78 Maastricht, Netherlands. Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft.

GROW IETF 78 Maastricht, Netherlands. Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft.

Similar presentations

Ads by Google