2.4.11 Operational Security Capabilities for IP Network Infrastructure (opsec)

NOTE: This charter is a snapshot of the 62nd IETF Meeting in Minneapolis, MN USA. It may now be out-of-date.

Last Modified: 2005-01-24


Ross Callon <rcallon@juniper.net>
Patrick Cain <pcain@acmehacking.com>

Operations and Management Area Director(s):

Bert Wijnen <bwijnen@lucent.com>
David Kessens <david.kessens@nokia.com>

Operations and Management Area Advisor:

David Kessens <david.kessens@nokia.com>

Technical Advisor(s):

George Jones <gmj@pobox.com>

Mailing Lists:

General Discussion: opsec@ops.ietf.org
To Subscribe: opsec-request@ops.ietf.org
In Body: In Body: subscribe
Archive: http://ops.ietf.org/lists/opsec/

Description of Working Group:


The goal of the Operational Security Working Group is to codify
knowledge gained through operational experience about feature sets
that are needed to securely deploy and operate managed network
elements providing transit services at the data link and IP

It is anticipated that the codification of this knowledge will be
an aid to vendors in producing more securable network elements,
and an aid to operators in increasing security by deploying and
configuring more secure network elements.


The working group will list capabilities appropriate for
devices use in:

* Internet Service Provider (ISP) Networks
* Enterprise Networks

The following areas are excluded from the charter at this time:

* Wireless devices
* Small-Office-Home-Office (SOHO) devices
* Security devices (firewalls, Intrusion Detection Systems,
Authentication Servers)
* Hosts


Framework Document

A framework document will be produced describing the scope,
format, intended use and documents to be produced.

Current Practices Document

A single document will be produced that attempts to capture
current practices related to secure operation. This will be
primarily based on operational experience. Each entry will

* threats addressed,

* current practices for addressing the threat,

* protocols, tools and technologies extant at the time of writing
that are used to address the threat.

Individual Capability Documents

A series of documents will be produced covering various groupings
of security management capabilities needed to operate network elements
in a secure fashion. The capabilities will be described in terms that
allow implementations to change over time and will attempt to avoid
requiring any particular implementation.

The capabilities documents will cite the Current Practices document
where possible for justification.

Profile Documents

Profiles documents will be produced, which cite the capabilities
relevant to different operating environments.

Operator Outreach

Much of the operational security knowledge that needs to be
codified resides with operators. In order to access their
knowledge and reach the working group goal, informal BoFs will be
held at relevant operator fora.

RFC3871 will be used as a jumping off point.

Goals and Milestones:

Done  Complete Charter
Done  First draft of Framework Document as Internet Draft
Done  First draft of Standards Survey Document as Internet Draft
Oct 04  First draft of Packet Filtering Capabilities
Oct 04  First draft of Event Logging Capabilities
Nov 04  First draft of Network Operator Current Security Practices
Jan 05  First draft of In-Band management capabilities
Jan 05  First draft of Out-of-Band management capabilities
Jan 05  First draft of Configuration and Management Interface Capabilities
Feb 05  First draft of Authentication, Authorization, and Accounting (AAA) Capabilities
Feb 05  First draft of Documentation and Assurance capabilities
Feb 05  First draft of Miscellaneous capabilities
Mar 05  First draft of Deliberations Summary document
Mar 05  Submit Framework to IESG
Mar 05  Submit Standards Survey to IESG
May 05  Submit Network Operator Current Security Practices to IESG
May 05  First draft of ISP Operational Security Capabilities Profile
May 05  First draft of Enterprise Operational Security Capabilities Profile
Jun 05  Submit Packet Filtering capabilities to IESG
Jun 05  Submit Event Logging Capabilities document to IESG
Jul 05  Submit In-Band management capabilities to IESG
Jul 05  Submit Out-of-Band management capabilities to IESG
Aug 05  Submit Configuration and Management Interface Capabilities to IESG
Aug 05  Submit Authentication, Authorization and Accounting (AAA) capabilities document to IESG
Sep 05  Submit Documentation and Assurance capabilities to IESG
Sep 05  Submit Miscellaneous capabilities document to IESG
Dec 05  Submit ISP Operational Security Capabilities Profile to IESG
Dec 05  Submit Large Enterprise Operational Security Capabilities Profile to IESG
Dec 05  Submit OPSEC Deliberation Summary document to IESG


  • draft-ietf-opsec-framework-00.txt
  • draft-ietf-opsec-efforts-00.txt
  • draft-ietf-opsec-current-practices-00.txt

    No Request For Comments

    Current Meeting Report

    IETF 62, Minneapolis
    Wednesday March 9, 2005

    Minutes by Ross Callon, with help from George Jones' Jabber minutes.

    Pat Cain presented the agenda:
    - Administrivia and Agenda Bashing (Pat, Ross)
    - Brief Working Group Status (Pat, Ross)
    - Survey of Service Provider Security Practices (Merike Kaeo)
    - Filtering Capabilities for IP Network Infrastructure (Chris Morrow)
    - TMOC Liaison (Joe Saloway, Chris Lonvick)
    - Adjourn

    Brief Working Group Status (Pat)

    - The currently available documents are: Framework <draft-ietf-opsec-framework-00>, Survey of other security efforts <draft-ietf-opsec-efforts-00.txt>, Survey of Current Practices <draft-ietf-opsec-current-practices-00>, and filtering capabilities <draft-morrow-filter-caps-00>.
    - Frame work document: Is stable, it outlines working group plan, scope, etc.
    - Individual capability documents: We have a draft of one of these (filtering), and have some authors signed up for a few more. However, we are still looking for input and/or authors for some of the capabilities documents.
    - Profile documents are a future item (it makes sense to start them when the capabilities documents are nearly complete).

    Survey of Operational Service Provider Practices (Merike Kaeo)

    Merike gave an overview of the Survey of Current Service Provider Security Practices where she described the organization of the document and the sections requiring more input. She mentioned that the Filtering and Denial of Service Mitigation sections will be the hardest to complete since current practices vary quite a bit between service providers.

    For the next version:
    - will fill in filtering and DOS mitigation sections
    - intends to add an appendix which enumerates known common attacks (eg, TCP attacks)
    - be more specific about core security versus customer side security. This is in particular relevant to filtering.

    At this point Merike has talked to 6 large tier 1 ISPs, as well as other smaller ISPs. She encourages people to read the document, send comments, and in particular let her know if you have additional practices to tell her about. Merike and Ross pointed out that there are ways to contribute and remain anonymous if you want to do this: You can talk to Merike off line. Alternatively, if you want to contribute to the list anonymously, you can send comments to the chairs who can remove identification of where it came from and then forward to the list.

    George asked about layer 2 equipment and specifically whether layer 2 filtering practices will be included (which is not explicitly discussed in the current document but is in scope). Merike replied that this will be specifically addressed since it is important at the customer edges for certain scenarios.

    Packet Filtering Capabilities Document (Chris Morrow)

    Chris Morrow apologize for the roughness of draft and lack of slides for this presentation. The goal for the filtering capabilities document, from his perspective, is to make it clear to vendors what service providers need. He has heard vendors say "you are the only person asking for this" when he didn't believe that this was true (and other service providers have reportedly heard the same). He would rather have a document that he can reference to aid discussion with vendors. He felt that George's document was a very good start, and his document (which was largely taken from George's RFC 3871), was a first rough start at fleshing out the filtering section of George's document. Chris welcome's comments.

    Chris Lonvick mentioned that TMOC has a document on packet filtering for the prevention of unwanted traffic and wanted to know whether we have looked at this.
    Pat noted that the document was put out a bit quickly.

    The intent is to update the draft and then put it out as a working group document. Are there any objections? (no objections)

    ATIS Liaison Pre-Letter Ballow Review, TMOC Issue 56 (Chris Lonvick)

    ATIS/TMOC has appointed Chris Lonvick as official liaison and is asking for feedback.

    Chris sent email to the Opsec list (March 8, the day before the working group meeting) with a pointer to a Liaison statement from ATIS asking for comments on a paper "Guidelines and Requirements for Network Security Management". We can send comments back to Chris and Joe. The pointer is also on the IETF liaision page.

    One person (Richard Graveman) said "it needs a lot of work, many of the references are out of date". Chris agreed that the references are out of date.

    Points of interest: Section 4 contains the best summary of what the document is about, and how it correlates to security in ISP networks. The document addresses Security Management Operational Support Systems. Relationship with other documents is described. In section 5, the document goes through four major areas that need to be addressed wrt security. Defines some security points. Does not reference how this document relates back to an old ITU M3016, recommendation describing threats, requirements, and services. But this does use the requirements and services of 3016. In section 5 it discusses some security requirements. Chris asks: Are these issues clear, and do they address the correct set of security requirements? Does it make it clear who should be paying attention to these security requirements? Section 6 discusses additional requirements. Please comment on whether these are clear and address real security requirements. Please send comments to Joe and Chris. Please also respond on whether this document should become an ANSI standard. The process that the document is currently being progressed through will end with an ANSI document. Also, if you feel that the document should continue to be progressed, please also comment on improvements that would be appropriate. Are there any questions on this? no questions.

    Pat: We have completed our originally scheduled agenda. Are there other issues that people want to address? No.

    Pat: Please comment. Please volunteer to be an author. Thanks.

    The meeting was ajourned.


    Survey of Operational Security Current Practices
    ATIS Liaison Pre-letter Ballot Review Security Management System (TMOC Issue 56)