WG Review: Operational Security Capabilities for IP Network Infrastructure (opsec)
The IESG <iesg-secretary@ietf.org> Fri, 17 September 2004 15:55 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA14519; Fri, 17 Sep 2004 11:55:31 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1C8LAk-0005AT-Pn; Fri, 17 Sep 2004 12:01:19 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1C8L3g-0007CX-MY; Fri, 17 Sep 2004 11:54:00 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1C8Kw1-00051k-Kf for ietf-announce@megatron.ietf.org; Fri, 17 Sep 2004 11:46:05 -0400
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA13534; Fri, 17 Sep 2004 11:46:03 -0400 (EDT)
Message-Id: <200409171546.LAA13534@ietf.org>
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce@ietf.org
Date: Fri, 17 Sep 2004 11:46:02 -0400
Cc: opsec@ops.ietf.org
Subject: WG Review: Operational Security Capabilities for IP Network Infrastructure (opsec)
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: iesg@ietf.org
List-Id: ietf-announce.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
Sender: ietf-announce-bounces@ietf.org
Errors-To: ietf-announce-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 32b73d73e8047ed17386f9799119ce43
A new IETF working group has been proposed in the Operations and Management Area. The IESG has not made any determination as yet. The following description was submitted, and is provided for informational purposes only. Please send your comments to the IESG mailing list (iesg@ietf.org) by September 24. Operational Security Capabilities for IP Network Infrastructure (opsec) ======================================================================= Current Status: Proposed Working Group Description of Working Group: Goals The goal of the Operational Security Working Group is to codify knowledge gained through operational experience about feature sets that are needed to securely deploy and operate managed network elements providing transit services at the data link and IP layers. It is anticipated that the codification of this knowledge will be an aid to vendors in producing more securable network elements, and an aid to operators in increasing security by deploying and configuring more secure network elements. Scope The working group will list capabilities appropriate for devices use in: * Internet Service Provider (ISP) Networks * Enterprise Networks The following areas are excluded from the charter at this time: * Wireless devices * Small-Office-Home-Office (SOHO) devices * Security devices (firewalls, Intrusion Detection Systems, Authentication Servers) * Hosts Methods Framework Document A framework document will be produced describing the scope, format, intended use and documents to be produced. Current Practices Document A single document will be produced that attempts to capture curent practices related to secure operation. This will be primarily based on operational experience. Each entry will list: * threats addressed, * current practices for addressing the threat, * protocols, tools and technologies extant at the time of writing that are used to address the threat. Individual Capability Documents A series of documents will be produced covering various groupings of security management capabilities needed to operate network elements in a secure fashion. The capabilities will be described in terms that allow implementations to change over time and will attempt to avoid requiring any particular implementation. The capabilities documents will cite the Current Practices document where possible for justification. Profile Documents Profiles documents will be produced, which cite the capabilities relevant to different operating environments. Operator Outreach Much of the operational security knowledge that needs to be codified resides with operators. In order to access their knowledge and reach the working group goal, informal BoFs will be held at relevant operator fora. http://www.ietf.org/internet-drafts/draft-jones-opsec-06.txt will be used as a jumping off point. _______________________________________________ IETF-Announce mailing list IETF-Announce@ietf.org https://www1.ietf.org/mailman/listinfo/ietf-announce