survey of ISP security practices
I missed the cut-off for submitting a 00-draft for the survey of
current ISP security practices document, but would like to at least send
out the proposed outline so that people interested in contributing can
comment to the list. Is anything glaringly missing?
- merike
Table of Contents
1. Introduction
2. Problem Statement
3. Device Access Security
3.1 Threat Description
3.2 Best Current Practice
3.2.1 Logical access
3.2.2 Console Access
3.2.3 HTTP
3.2.4 SNMP
4. Authentication / Authorization
4.1 Threat Description
4.2 Best Current Practice
4.2.1 Device Access
4.2.2 Routing
4.2.3 MAC Address
5. Filtering
5.1 Threat Description
5.2 Best Current Practice
5.2.1 General Inbound Traffic Filters
5.2.2 General Outbound Traffic Filters
5.2.3 Device Access Filters
5.2.4 Route Filters
5.2.5 MAC Address Filters
5.2.6 DoS Mitigation Filtering
5.2.7 SinkHole / Blackhole
5.2.8 uRPF
6. Logging (accounting)
6.1 Threat Description
6.2 Best Current Practice
6.2.1 What traffic is logged
6.2.2 What fields are logged
6.2.3 How long are logs kept
6.2.4 Local buffer vs syslog (for backup info)
6.2.5 Authentication from peer to peer of log files?
6.2.6 Integrity check of log files?
6.2.7 NTP source considerations
7. Device Integrity
7.1 Threat Description
7.2 Best Current Practice
7.2.1 Device Image Upgrade
7.2.2 Device Configuration
7.2.3 Management/Logging Information
8. Specific Protocol/Service Concerns
8.1 Threat Description
8.2 Best Current Practice
8.2.1 ICMP
8.2.2 Generally Unused Services
9. Policy/Procedural Considerations
9.1 Threat Description
9.2 Best Current Practice
9.2.1 Equipment Software Update
9.2.2 Equipment Configuration Change