WG Review: Operational Security Capabilities for IP Network Infrastructure (opsec)
A new IETF working group has been proposed in the Operations and Management Area.
The IESG has not made any determination as yet. The following description was
submitted, and is provided for informational purposes only. Please send your
comments to the IESG mailing list (iesg@ietf.org) by September 24.
Operational Security Capabilities for IP Network Infrastructure (opsec)
=======================================================================
Current Status: Proposed Working Group
Description of Working Group:
Goals
The goal of the Operational Security Working Group is to codify
knowledge gained through operational experience about feature sets
that are needed to securely deploy and operate managed network
elements providing transit services at the data link and IP
layers.
It is anticipated that the codification of this knowledge will be
an aid to vendors in producing more securable network elements,
and an aid to operators in increasing security by deploying and
configuring more secure network elements.
Scope
The working group will list capabilities appropriate for
devices used in:
* Internet Service Provider (ISP) Networks
* Enterprise Networks
The following areas are excluded from the charter at this time:
* Wireless devices
* Small-Office-Home-Office (SOHO) devices
* Security devices (firewalls, Intrusion Detection Systems, Authentication Servers)
* Hosts
Methods
Framework Document
A framework document will be produced describing the scope,
format, intended use and documents to be produced.
Current Practices Document
A single document will be produced that attempts to capture
current practices related to secure operation. This will be
primarily based on operational experience. Each entry will list:
* threats addressed,
* current practices for addressing the threat,
* protocols, tools and technologies extant at the time of writing
that are used to address the threat.
Individual Capability Documents
A series of documents will be produced covering various groupings
of security management capabilities needed to operate network elements
in a secure fashion. The capabilities will be described in terms that allow
implementations to change over time and will attempt to avoid requiring any
particular implementation.
The capabilities documents will cite the Current Practices document where
possible for justification.
Profile Documents
Profile documents will be produced, which cite the capabilities
relevant to different operating environments.
Operator Outreach
Much of the operational security knowledge that needs to be
codified resides with operators. In order to access their
knowledge and reach the working group goal, informal BoFs will be
held at relevant operator fora.
http://www.ietf.org/internet-drafts/draft-jones-opsec-06.txt will
be used as a jumping off point.