
RE: OPSEC Working Group? Need people to do the work.



On Wed, 26 May 2004, Smith, Donald wrote:

> IMO a customer-owned system is outside scope. I am assuming this
> document's focus is NSPs, not end users.
> George, am I off base on this one? That assumption is based on earlier
> work and I am not certain it still applies.
>
> But a COLO switch/router should be included. That will look like an edge
> in many ways but there could be differences in basic functionality so
> ...
>
> Colo: An NE that provides customer physical access in a shared or
> collocation facility. Some shared management (control plane) plus
> potential for customer's physical control. (Not sure how to phrase this
> but in a colo a customer could
> pull the plug on their own or other customers' equipment including the
> COLO.) Physical protections above and beyond
> a limited access facility should be required.

Rather than saying the colo itself is a single NE, maybe this could be
changed to say the colo is a facility that *houses* one or more NEs.

I don't know whether colo physical security is in scope, but volumes could
be written on that if so.

Agree on your point re ownership (customer vs. NSP). However, I'd argue
that even in an NSP-only context, a customer-owned box in a colo is
in-scope since vulnerabilities in its default security settings may allow
compromise of other systems, including the NSP's.

dn

>
>
> Donald.Smith@qwest.com GCIA
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC
> pgpFingerPrint:9CE4 227B B9B3 601F B500  D076 43F1 0767 AF00 EDCC
> Brian Kernighan jokingly named it the Uniplexed Information and
> Computing System (UNICS) as a pun on MULTICS.
>
> > -----Original Message-----
> > From: owner-opsec@psg.com [mailto:owner-opsec@psg.com] On Behalf Of David Newman
> > Sent: Wednesday, May 26, 2004 9:15 AM
> > Cc: opsec@ops.ietf.org
> > Subject: RE: OPSEC Working Group? Need people to do the work.
> >
> >
> >
> >
> > On Wed, 26 May 2004, Smith, Donald wrote:
> >
> > > Maybe we can begin by defining roles/names for those Network Elements?
> > > These are my suggestions. I believe the definitions and names I have
> > > below are fairly commonly used by ISPs.
> > >
> > >
> > > Core: An NE that provides INTRA-AS access. Usually owned and managed
> > > by one corporation.
> > >
> > > Border: Peering border, an NE that provides access for INTER-AS peers
> > > into an ISP's core.
> > >
> > > Edge aka customer edge: An NE that provides physical access for
> > > customers into an ISP's network.
> >
> > Would a customer-owned box in a colo rack qualify for this
> > definition? If not, maybe a separate term is needed (colo box?).
> >
> > dn
> >
> >
>
>