< draft-jones-opsec-05.txt   draft-jones-opsec-06.txt >
None. G. Jones, Editor None. G. Jones, Editor
Internet-Draft The MITRE Corporation Internet-Draft The MITRE Corporation
Expires: October 17, 2004 April 18, 2004 Expires: October 20, 2004 April 21, 2004
Operational Security Requirements for Large ISP IP Network Operational Security Requirements for Large ISP IP Network
Infrastructure Infrastructure
draft-jones-opsec-05 draft-jones-opsec-06
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts. groups may also distribute working documents as Internet-Drafts.
skipping to change at page 1, line 30 skipping to change at page 1, line 30
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http:// The list of current Internet-Drafts can be accessed at http://
www.ietf.org/ietf/1id-abstracts.txt. www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on October 17, 2004. This Internet-Draft will expire on October 20, 2004.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved. Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract Abstract
This document defines a list of operational security requirements for This document defines a list of operational security requirements for
the infrastructure of large ISP IP networks (routers and switches). the infrastructure of large ISP IP networks (routers and switches).
A framework is defined for specifying "profiles", which are A framework is defined for specifying "profiles", which are
skipping to change at page 23, line 15 skipping to change at page 23, line 15
Warnings. Warnings.
None. None.
2.4 Configuration and Management Interface Requirements 2.4 Configuration and Management Interface Requirements
This section lists requirements that support secure device This section lists requirements that support secure device
configuration and management methods. In most cases, this currently configuration and management methods. In most cases, this currently
involves some sort of command line interface (CLI) and configuration involves some sort of command line interface (CLI) and configuration
files. It may be possible to meet these requirements with other files. It may be possible to meet these requirements with other
mechanisms, for instance a script-able HTML interface that provides mechanisms, for instance SNMP or a script-able HTML interface that
full access to management and configuration functions. In the provides full access to management and configuration functions. In
future, there may be others (e.g. XML based configuration). the future, there may be others (e.g. XML based configuration).
2.4.1 'CLI' Provides Access to All Configuration and Management 2.4.1 'CLI' Provides Access to All Configuration and Management
Functions Functions
Requirement. Requirement.
The Command Line Interface (CLI) or equivalent MUST allow complete The Command Line Interface (CLI) or equivalent MUST allow complete
access to all configuration and management functions. access to all configuration and management functions. The CLI MUST
be supported on the console (see Section 2.3.1) and SHOULD be
supported on all other interfaces used for management.
Justification. Justification.
The CLI (or equivalent) is needed to provide the ability to do The CLI (or equivalent) is needed to provide the ability to do
reliable, fast, direct, local management and monitoring of a reliable, fast, direct, local management and monitoring of a
device. It is particularly useful in situations where it is not device. It is particularly useful in situations where it is not
possible to manage and monitor the device via "normal" means (e.g. possible to manage and monitor the device in-band via "normal"
SNMP [RFC3410], [RFC3411]) that depend on functional networking. means (e.g. SSH or SNMP [RFC3410], [RFC3411]) that depend on
Such situations often occur during security incidents such as functional networking. Such situations often occur during security
bandwidth-based denial of service attacks. incidents such as bandwidth-based denial of service attacks.
Examples. Examples.
Examples of configuration include setting interface addresses, Examples of configuration include setting interface addresses,
defining and applying filters, configuring logging and defining and applying filters, configuring logging and
authentication, etc. Examples of management functions include authentication, etc. Examples of management functions include
displaying dynamic state information such as CPU load, memory displaying dynamic state information such as CPU load, memory
utilization, packet processing statistics, etc. utilization, packet processing statistics, etc.
Warnings. Warnings.
None. None.
2.4.2 'CLI' Supports Scripting of Configuration 2.4.2 'CLI' Supports Scripting of Configuration
Requirement. Requirement.
The CLI or equivalent MUST support external scripting of The CLI or equivalent MUST support external scripting of
configuration functions. configuration functions. This CLI SHOULD support the same command
set and syntax as that in Section 2.4.1.
Justification. Justification.
During the handling of security incidents, it is often necessary During the handling of security incidents, it is often necessary
to quickly make configuration changes on large numbers of devices. to quickly make configuration changes on large numbers of devices.
Doing so manually is error prone and slow. Vendor supplied Doing so manually is error prone and slow. Vendor supplied
management solutions do not always foresee or address the type or management solutions do not always foresee or address the type or
scale of solutions that are required. The ability to script scale of solutions that are required. The ability to script
provides a solution to these problems. provides a solution to these problems.
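Review bot: The new "SNMP or" in the Section 2.4 introduction (right column) offers SNMP as a mechanism that could satisfy the configuration and management requirements, yet the Security Considerations in this same revision say deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED; suggest qualifying it ("for instance SNMPv3 with cryptographic security enabled, or a script-able HTML interface ...") or pointing to the Security Considerations so the introduction does not read as endorsing unauthenticated SNMP SET for configuration. Smaller point in 2.4.2: "This CLI SHOULD support the same command set and syntax as that in Section 2.4.1" sits oddly after "The CLI or equivalent", since the scripting interface need not be a CLI; "The scripting interface SHOULD accept the same command set and syntax as the interactive CLI of Section 2.4.1" would be clearer. The added 2.4.1 sentence "SHOULD be supported on all other interfaces used for management" could also say whether "interfaces" means physical ports or management protocols, given that the revised justification names SSH and SNMP as in-band means.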
skipping to change at page 25, line 23 skipping to change at page 25, line 24
support line. The GUI management interface is redrawing the screen support line. The GUI management interface is redrawing the screen
multiple times...slowly... at 9600bps. multiple times...slowly... at 9600bps.
One mechanism that supports operation over slow links is the One mechanism that supports operation over slow links is the
ability to apply filters to the output of CLI commands which have ability to apply filters to the output of CLI commands which have
potentially large output. This may be implemented with something potentially large output. This may be implemented with something
similar to the UNIX pipe facility and "grep" command. similar to the UNIX pipe facility and "grep" command.
For example, For example,
cat largefile.txt | grep interesting-string cat largefile.txt | grep interesting-string
Another is the ability to "page" through large command output, Another is the ability to "page" through large command output,
e.g. the UNIX "more" command: e.g. the UNIX "more" command:
For example, For example,
cat largefile.txt | more cat largefile.txt | more
Warnings. Warnings.
One consequence of this requirement may be that requiring a GUI One consequence of this requirement may be that requiring a GUI
interface for management is unacceptable unless it can be shown to interface for management is unacceptable unless it can be shown to
work acceptably over slow links. work acceptably over slow links.
2.4.4 'CLI' Supports Idle Session Timeout 2.4.4 'CLI' Supports Idle Session Timeout
Requirement. Requirement.
skipping to change at page 74, line 19 skipping to change at page 74, line 19
Security is the subject matter of this entire memo. The Security is the subject matter of this entire memo. The
justification section of each individual requirement lists the justification section of each individual requirement lists the
security implications of meeting or not meeting the requirement. security implications of meeting or not meeting the requirement.
SNMP SNMP
SNMP versions prior to SNMPv3 did not include adequate security. SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPSec), Even if the network itself is secure (for example by using IPSec),
even then, there is no control as to who on the secure network is even then, there is no control as to who on the secure network is
allowed to access and GET/SET (read/change/create/delete) the allowed to access and GET/SET (read/change/create/delete) the
objects in this MIB module. objects in the MIB.
It is recommended that implementors consider the security features It is recommended that implementors consider the security features
as provided by the SNMPv3 framework (see [RFC3410], section 8), as provided by the SNMPv3 framework (see [RFC3410], section 8),
including full support for the SNMPv3 cryptographic mechanisms including full support for the SNMPv3 cryptographic mechanisms
(for authentication and privacy). (for authentication and privacy).
Furthermore, deployment of SNMP versions prior to SNMPv3 is NOT Furthermore, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an responsibility to ensure that the SNMP entity giving access to MIB
instance of this MIB module is properly configured to give access objects is properly configured to give access to the objects only
to the objects only to those principals (users) that have to those principals (users) that have legitimate rights to indeed
legitimate rights to indeed GET or SET (change/create/delete) GET or SET (change/create/delete) them.
them.
Normative References Normative References
[ANSI.X9-52.1998] [ANSI.X9-52.1998]
American National Standards Institute, "Triple Data American National Standards Institute, "Triple Data
Encryption Algorithm Modes of Operation", ANSI X9.52, Encryption Algorithm Modes of Operation", ANSI X9.52,
1998. 1998.
[FIPS.197] [FIPS.197]
National Institute of Standards and Technology, "Advanced National Institute of Standards and Technology, "Advanced
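Review bot: The rewording from "this MIB module" to "the MIB" / "MIB objects" in the SNMP paragraph is right, since this memo defines no MIB module, but the sentence carried over unchanged from the MIB boilerplate still reads "Even if the network itself is secure (for example by using IPSec), even then, there is no control ..."; suggest dropping the redundant "even then," and spelling it "IPsec" to match the RFCs. Since the Section 2.4 introduction in this revision now names SNMP as a possible management mechanism, this paragraph could add one sentence saying that the SNMPv3-only guidance applies to that use as well.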
End of changes. 11 change blocks.
20 lines changed or deleted | 22 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/