
Re: survey of isp security practices



Some great additions... and the classification will be redone to better reflect an operational view.

- merike

On Nov 9, 2004, at 1:29 PM, Bora Akyol wrote:

Thanks for putting this together, some comments inline.

Bora

On 11/9/04 4:03 AM, "Merike Kaeo" <kaeo@merike.com> wrote:

I missed the cut-off for submitting a 00-draft for the survey of
current isp security practices document but would like to at least send
out the proposed outline so that people interested in contributing can
comment to the list. Anything that is glaringly missing?


- merike


Table of Contents

    1.  Introduction
    2.  Problem Statement
    3.  Device Access Security
      3.1   Threat Description
      3.2   Best Current Practice
        3.2.1   Logical access
What is logical access (ssh?)

        3.2.2   Console Access
        3.2.3   HTTP
        3.2.4   SNMP

Would like to add API based access to the management interfaces.

    4.  Authentication / Authorization
      4.1   Threat Description
      4.2   Best Current Practice
        4.2.1   Device Access
        4.2.2   Routing
        4.2.3   MAC Address

I think (2) and (3) above are good but their suitability to be classified
under Authentication/Authorization highly depends on what the threat is.


    5.  Filtering
      5.1   Threat Description
      5.2   Best Current Practice
        5.2.1   General Inbound Traffic Filters
        5.2.2   General Outbound Traffic Filters
        5.2.3   Device Access Filters
        5.2.4   Route Filters
        5.2.5   MAC Address Filters
        5.2.6   DoS Mitigation Filtering
        5.2.7   SinkHole / Blackhole
        5.2.8   uRPF
    6.  Logging (accounting)
      6.1   Threat Description
      6.2   Best Current Practice
        6.2.1   What traffic is logged
        6.2.2   What fields are logged
        6.2.3   How long are logs kept
        6.2.4   Local buffer vs syslog (for backup info)
        6.2.5   Authentication from peer to peer of log files?
        6.2.6   Integrity check of log files?
        6.2.7   NTP source considerations
    7.  Device Integrity
      7.1   Threat Description
      7.2   Best Current Practice
        7.2.1   Device Image Upgrade
        7.2.2   Device Configuration
        7.2.3   Management/Logging Information

I don't know if it fits under (3) above, but I would like to see a few words
somewhere about core dumps from network devices.



    8.  Specific Protocol/Service Concerns
      8.1   Threat Description
      8.2   Best Current Practice
        8.2.1   ICMP
        8.2.2   Generally Unused Services

There is a whole lot more here, SSH, HTTP, SCP, ......
I am wondering if we want to avoid listing specific services here since they
will need to be updated as people come up with new services.


    9.  Policy/Procedural Considerations
      9.1   Threat Description
      9.2   Best Current Practice
        9.2.1   Equipment Software Update
        9.2.2   Equipment Configuration Change

(2) Can we add Change and Versioning?