Re: [saag] draft-moore-iot-bcp-00 (Best Current Practices for Securing Internet of Things (IoT) Devices)
Ronald del Rosario <rrosario@five9.com> Mon, 07 November 2016 17:31 UTC
From: Ronald del Rosario <rrosario@five9.com>
To: Keith Moore <moore@network-heretics.com>, Ira McDonald <blueroofmusic@gmail.com>
Date: Mon, 07 Nov 2016 17:31:25 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/G2ilmHlbpqF8bg-duWETN2YUKm8>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] draft-moore-iot-bcp-00 (Best Current Practices for Securing Internet of Things (IoT) Devices)

Hi Keith,

The Cloud Security Alliance (CSA) – IoT Working Group also published a similar document October 2016 titled “Future Proofing the Connected World: 13 Steps to Developing Secure IoT Products”

https://cloudsecurityalliance.org/download/future-proofing-the-connected-world/

Disclaimer: I am a member of the CSA IoT Working Group but not a contributor on this document.

Thanks,
Ron

From: saag <saag-bounces@ietf.org> on behalf of Ira McDonald <blueroofmusic@gmail.com>
Date: Monday, November 7, 2016 at 7:04 AM
To: Keith Moore <moore@network-heretics.com>, Ira McDonald <blueroofmusic@gmail.com>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] draft-moore-iot-bcp-00 (Best Current Practices for Securing Internet of Things (IoT) Devices)

Hi Keith,

FWIW - link to the recent Trusted Computing Group's "Guidance for Securing IoT using TCG Technology"

http://www.trustedcomputinggroup.org/wp-content/uploads/TCG_Guidance_for_Securing_IoT_1_0r21.pdf

The use cases are potentially of general interest.

Disclaimer - I was a contributor to this document, but I don't endorse the narrow TCG-specific solutions focus.

Cheers,
- Ira

Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic@gmail.com
Jan-April: 579 Park Place Saline, MI 48176 734-944-0094
May-Dec: PO Box 221 Grand Marais, MI 49839 906-494-2434

On Fri, Nov 4, 2016 at 9:25 PM, Keith Moore <moore@network-heretics.com> wrote:

Stephen Farrell suggested I bring this draft to your attention.

This was a rush job as the authors just started talking about this last Friday, but it was written in response to recent DDoS attacks that utilized easily-compromised IoT devices. I'm sure there are missing pieces (I've identified a few since -00) and sections that could be stated better (like the title of section 2.3.2), but hopefully this is a useful start.

https://datatracker.ietf.org/doc/draft-moore-iot-security-bcp/

Keith