Operational Security (opsec) Charter
Last Modified: 2004-06-04
Chair(s):
??? ???? <???@???.com>Operations and Management Area Director(s):
Bert Wijnen <bwijnen@lucent.com>David Kessens <david.kessens@nokia.com>
Operations and Management Area Advisor:
David Kessens <david.kessens@nokia.com>Security Area Director(s):
Russell Housley <housley@vigilsec.com>Steven Bellovin <smb@research.att.com>
Security Area Advisor:
Steven Bellovin <smb@research.att.com>Mailing Lists:
General Discussion: opsec@ops.ietf.orgTo Subscribe: opsec-request@ops.ietf.org
In Body: subscribe
Archive: http://ops.ietf.org/lists/opsec/
Description of Working Group:
Goals
The goal of the Operational Security Working Group is to codify knowledge about feature sets that are required to securely deploy and operate managed network elements.Scope
The working group will produce requirements appropriate for:- Network Service Providers (NSP) Networks
- Internet Service Provider (ISP) Networks
- Enterprise Networks
- Wireless devices
- SOHO devices
- Security devices (firewalls, IDS, Authentication Servers)
- Hosts
- Unmanaged devices
Methods
A road-map document will be produced describing the scope, format, intended use and sequence of future documents. A series of small BCP documents will be produced covering various areas of security management functionality. Profiles documents will be produced, citing the BCPs, which list the requirements relevant to different operating environments. Profiles might list different requirements for devices in different roles: core, edge, peering, aggregation, access, etc.
http://www.ietf.org/internet-drafts/draft-jones-opsec-06.txt will be used as a jumping off point.
Much of the operational security knowledge that needs to be codified resides with operators. Operators have shown a tendency to be too busy with day-to-day operations to be as involved in standards bodies as one would hope. They have shown a greater tendency to be involved in operators forums such as NANOG and RIPE. In order to access their knowledge and reach the working group goal, interim meetings may be held at such operator forums.Goals and Milestones:
| Jun 04 | Hold charter discussions on mailing list, identify chair+authors, submit charter | |
| Jul 04 | Schedule Working Group | |
| Aug 04 | Working Group Meeting @ San Diego | |
| Sep 04 | Submit Roadmap Draft | |
| Oct 04 | Submit In-Band, OoB and Interface Reqs Drafts | |
| Oct 04 | Interim meeting @ NANOG | |
| Nov 04 | Working Group Meeting @ Washington, Roadmap to IESG | |
| Dec 04 | Submit Stack, Rate Limiting, Filtering Drafts... | |
| Jan 05 | In-Band, OoB and Interface Reqs to IESG | |
| . | ||
| . | ||
| . | ||
| Aug 05 | Working Group Meeting/Wrap up |
Internet-Drafts (to be written):
- OPSEC Roadmap (info)
- OPSEC In-Band Management Requirements (BCP)
- OPSEC Out-Of-Band Management Requirements (BCP)
- OPSEC Configuration and Management Interface Requirements (BCP)
- OPSEC IP Stack Requirements (BCP)
- OPSEC Rate Limiting Requirements (BCP)
- OPSEC Filtering Requirements (BCP)
- OPSEC Event Logging Requirements (BCP)
- OPSEC AAA Requirements (BCP)
- OPSEC Other (L2 reqs, performance, etc Requirements (BCP).)
- OPSEC Documentation Requirements Requirements (BCP)
- OPSEC Assurance Requirements Requirements (BCP)
- OPSEC NSP Operational Security Requirements Profile(info)
- OPSEC ISP Operational Security Requirements Profile (info)
- OPSEC Enterprise Operational Security Requirements Profile (info)
- OPSEC Working Group Discussion Archive and Food for Thought. Features discussed but not deemed to be BCP. (info)
Request For Comments:
None.IETF Secretariat - Please send questions, comments, and/or suggestions to ietf-web@ietf.org.