Re: [saag] draft-moore-iot-bcp-00 (Best Current Practices for Securing Internet of Things (IoT) Devices)

Ronald del Rosario <rrosario@five9.com> Mon, 07 November 2016 17:31 UTC

From: Ronald del Rosario <rrosario@five9.com>
To: Keith Moore <moore@network-heretics.com>, Ira McDonald <blueroofmusic@gmail.com>
Date: Mon, 07 Nov 2016 17:31:25 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/G2ilmHlbpqF8bg-duWETN2YUKm8>
Cc: "saag@ietf.org" <saag@ietf.org>

Hi Keith,

The Cloud Security Alliance (CSA) – IoT Working Group also published a similar document in October 2016 titled “Future Proofing the Connected World: 13 Steps to Developing Secure IoT Products”.

https://cloudsecurityalliance.org/download/future-proofing-the-connected-world/

Disclaimer: I am a member of the CSA IoT Working Group but not a contributor on this document.

Thanks,
Ron

From: saag <saag-bounces@ietf.org> on behalf of Ira McDonald <blueroofmusic@gmail.com>
Date: Monday, November 7, 2016 at 7:04 AM
To: Keith Moore <moore@network-heretics.com>, Ira McDonald <blueroofmusic@gmail.com>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] draft-moore-iot-bcp-00 (Best Current Practices for Securing Internet of Things (IoT) Devices)

Hi Keith,

FWIW - link to the recent Trusted Computing Group's "Guidance for Securing IoT using TCG Technology"

http://www.trustedcomputinggroup.org/wp-content/uploads/TCG_Guidance_for_Securing_IoT_1_0r21.pdf

The use cases are potentially of general interest.

Disclaimer - I was a contributor to this document, but I don't endorse the narrow TCG-specific solutions focus.

Cheers,
- Ira

Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic@gmail.com
Jan-April: 579 Park Place  Saline, MI  48176  734-944-0094
May-Dec: PO Box 221  Grand Marais, MI 49839  906-494-2434

On Fri, Nov 4, 2016 at 9:25 PM, Keith Moore <moore@network-heretics.com> wrote:
Stephen Farrell suggested I bring this draft to your attention. This was a rush job as the authors just started talking about this last Friday, but it was written in response to recent DDoS attacks that utilized easily-compromised IoT devices. I'm sure there are missing pieces (I've identified a few since -00) and sections that could be stated better (like the title of section 2.3.2), but hopefully this is a useful start.

https://datatracker.ietf.org/doc/draft-moore-iot-security-bcp/

Keith

