[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: availability
I added some comments marked by djs let me know what you think.
-----Original Message-----
From: owner-opsec@psg.com
To: Ross Callon
Cc: opsec@ops.ietf.org
Sent: 2/21/2004 1:29 PM
Subject: availability
On Fri, 20 Feb 2004, Ross Callon wrote:
> It seems implicit that part of what this document calls "security" is
> the ability to keep the network operating at all.
Bingo.
> When initially reading this document I took it as implicit that
> availability of the network is part of "security". However, it might
not
> be a bad idea to explicitly say this up front.
Current draft says...
03> 1.2 Motivation
03>
03> Network operators need tools to insure that they are able to
manage
03> their networks securely and to insure that they maintain the
ability
03> to provide service to their customers.
03> .
03> .
03> .
Current working copy (not much changed here) says:
04> 1.4 Definition of a Secure Network
04>
04> For the purposes of this document, a secure network is one in
which:
djs>The 3 primary goals of security are observed CIA - Confidentiality, djs>Intregity, Availablity.
04>
04> o the network keeps passing legitimate customer traffic
djs>without modification or unauthorized monitering of the data stream.
04> (availability, confidentility, intregity)
04>
04> o traffic goes where it is supposed to go (availability,
04> confidentiality)
djs>Traffic goes where it was intended to go and only where it was djs>intended to go. (availablity, confidentiality)
04>
04> o the network elements remain manageable (availability)
04>
04> o only authorized users can manage network elements
(authorization,intregity)
04>
04> o there is a record of all security related events
(accountability)
04>
04> o the network operator has the necessary tools to detect and
respond
04> to illegitimate traffic
Do you think it needs to be more explicit ? In the abstract or goals ?
Wording ?
Thanks,
---George