Re:
Comment in-line with segments from an earlier message:
> >...2.8.3 Ability to Filter on Protocol Header Fields
> >
> > Requirement. The filtering mechanism MUST support filtering based on
> > the value(s) of any portion of the protocol headers for IP, ICMP,
> > UDP and TCP. It SHOULD support filtering of all other protocols
> > supported at layer 3 and 4. It MAY support filtering based on the
> > headers of higher level protocols. It SHOULD be possible to specify
> > fields by name (e.g. "protocol = ICMP") rather than
> > bit-offset/length/numeric value (e.g. 72:8 = 1).
> >
> > Justification. Being able to filter on portions of the header is
> > necessary to allow implementation of policy, secure operations,
> > and support incident response.
>...
>
> > A network could well make a choice that the ability to filter on
> > layer 4 protocol information (especially headers) opened the network
> > to abuse by operators, local law enforcement, or black hats;
>
>The requirement is not saying that filtering has to be/not be done,
>simply that the capability has to be there...
It seems implicit that part of what this document calls "security" is
the ability to keep the network operating at all. For example, being
able to stop a DoS attack -- whether aimed at a router in the network,
a link, a server, etc -- is a goal. Service providers have certainly seen
DoS attacks aimed at each of these.
Reading the note that George was replying to, which questioned
whether filtering was a good idea, made me wonder if some people
have a different definition of security. Is a network which is completely
disconnected (i.e., not passing any data at all) very "secure", in the
sense that hackers can't steal anything over the network, or is it very
insecure, in that users who were relying on the network can't get the
service that they expect?
When initially reading this document I took it as implicit that
availability of the network is part of "security". However, it might not
be a bad idea to explicitly say this up front.
Ross
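As an added illustration of the quoted requirement 2.8.3 (not part of Ross's message, the draft, or any vendor's filter implementation), the following script shows the two rule forms the requirement contrasts: a named rule such as "protocol = ICMP" and its raw bit-offset equivalent "72:8 = 1" (the IPv4 protocol field sits at bit 72 of the header, 8 bits long, and ICMP is protocol number 1). It also shows why the named form is the one a filter should expose: a layer-4 field such as the TCP destination port has no fixed bit offset, because IP options move it, so a raw-offset rule silently misses packets that a named rule catches. The field table follows RFC 791; the packets, the option bytes and the function names are all constructed here for the example.

```python
"""Added example (not from the original message or any router vendor):
matching packets on named IPv4 header fields versus raw
bit-offset/length/value rules, as contrasted in requirement 2.8.3.
Every packet below is constructed inline for illustration."""
import struct

# Named IPv4 header fields -> (bit offset, bit length), per RFC 791.
# "protocol" lives at bit 72 for 8 bits (header byte 9), so the named rule
# "protocol = ICMP" is exactly the offset rule "72:8 = 1".
IPV4_FIELDS = {
    "version": (0, 4),
    "ihl": (4, 4),
    "ttl": (64, 8),
    "protocol": (72, 8),
    "src": (96, 32),
    "dst": (128, 32),
}
PROTO_NAMES = {"ICMP": 1, "TCP": 6, "UDP": 17}


def extract_bits(data: bytes, bit_off: int, bit_len: int) -> int:
    """Unsigned integer at bits [bit_off, bit_off + bit_len) of data, MSB first."""
    if bit_off + bit_len > len(data) * 8:
        raise ValueError("field extends past end of packet")
    shift = len(data) * 8 - bit_off - bit_len
    return (int.from_bytes(data, "big") >> shift) & ((1 << bit_len) - 1)


def match_offset_rule(pkt: bytes, bit_off: int, bit_len: int, value: int) -> bool:
    """Bit-offset form of a rule, e.g. "72:8 = 1" -> match_offset_rule(pkt, 72, 8, 1)."""
    if bit_off + bit_len > len(pkt) * 8:
        return False  # field lies beyond the packet: no match rather than an error
    return extract_bits(pkt, bit_off, bit_len) == value


def compile_named_rule(field: str, value) -> tuple:
    """Translate a named rule such as ("protocol", "ICMP") into (offset, length, number)."""
    bit_off, bit_len = IPV4_FIELDS[field]
    if field == "protocol" and isinstance(value, str):
        value = PROTO_NAMES[value]
    return (bit_off, bit_len, int(value))


def match_named_rule(pkt: bytes, field: str, value) -> bool:
    """Named form of a rule, e.g. "protocol = ICMP" -> match_named_rule(pkt, "protocol", "ICMP")."""
    return match_offset_rule(pkt, *compile_named_rule(field, value))


def tcp_dport(pkt: bytes):
    """Destination port of the TCP header following the IPv4 header, or None if absent.
    The layer-4 header starts at IHL*4 bytes, so its bit offset is not fixed: a
    named field accounts for IHL, a raw "176:16" rule is wrong once options exist."""
    l4_start = extract_bits(pkt, *IPV4_FIELDS["ihl"]) * 32
    if l4_start + 32 > len(pkt) * 8:
        return None
    return extract_bits(pkt, l4_start + 16, 16)


def build_ipv4(proto: int, src: bytes, dst: bytes, options: bytes = b"", payload: bytes = b"") -> bytes:
    """Constructed IPv4 header (zero checksum, 32-bit aligned options) plus payload."""
    assert len(options) % 4 == 0
    ihl = 5 + len(options) // 4
    total_len = ihl * 4 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, total_len, 0, 0, 64, proto, 0, src, dst)
    return hdr + options + payload


def build_tcp(sport: int, dport: int) -> bytes:
    """Constructed minimal 20-byte TCP header (SYN) with only the ports filled in."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 0, 0, 0)


# Constructed sample traffic: index 2 carries a 4-byte IP option (IHL = 6),
# which shifts the TCP header by 32 bits.
SAMPLE = [
    build_ipv4(1, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02"),                                  # ICMP
    build_ipv4(6, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x03", payload=build_tcp(40000, 22)),    # TCP to port 22
    build_ipv4(6, b"\x0a\x00\x00\x04", b"\x0a\x00\x00\x03", options=b"\x94\x04\x00\x00",
               payload=build_tcp(40001, 22)),                                                  # TCP to port 22, with option
    build_ipv4(17, b"\x0a\x00\x00\x04", b"\x0a\x00\x00\x02"),                                 # UDP
]


def filter_packets(packets, rule):
    """Return the indices of the packets the rule matches."""
    return [i for i, p in enumerate(packets) if rule(p)]


if __name__ == "__main__":
    print("compiled 'protocol = ICMP':", compile_named_rule("protocol", "ICMP"))
    print("named   protocol = ICMP :", filter_packets(SAMPLE, lambda p: match_named_rule(p, "protocol", "ICMP")))
    print("offset  72:8 = 1        :", filter_packets(SAMPLE, lambda p: match_offset_rule(p, 72, 8, 1)))
    print("named   TCP dport = 22  :", filter_packets(SAMPLE, lambda p: match_named_rule(p, "protocol", "TCP") and tcp_dport(p) == 22))
    print("offset  176:16 = 22     :", filter_packets(SAMPLE, lambda p: match_offset_rule(p, 176, 16, 22)))
```

The two forms of the ICMP rule select the same packet, which is the equivalence the requirement's examples assert. The port rule is where the difference bites: the raw-offset version assumes a 20-byte IP header and therefore drops the packet with an option from its match set, while the named version reads IHL and finds the port in both. A filter that only offers bit offsets pushes that bookkeeping onto the operator, which is the practical argument for the SHOULD on named fields.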