IETF Logo Mail Archive

Re: [sacm] new drafts about network infrastructure device's security baseline:

"Xialiang (Frank)" <frank.xialiang@huawei.com> Thu, 07 September 2017 15:19 UTC

Return-Path: <frank.xialiang@huawei.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64059132EB5 for <sacm@ietfa.amsl.com>; Thu, 7 Sep 2017 08:19:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.651
X-Spam-Level:
X-Spam-Status: No, score=-3.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, INVALID_MSGID=0.568, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e3MIe8Z8OJ-r for <sacm@ietfa.amsl.com>; Thu, 7 Sep 2017 08:19:44 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73874132F8E for <sacm@ietf.org>; Thu, 7 Sep 2017 08:19:37 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml709-cah.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DOD32561; Thu, 07 Sep 2017 15:19:34 +0000 (GMT)
Received: from DGGEML401-HUB.china.huawei.com (10.3.17.32) by lhreml709-cah.china.huawei.com (10.201.108.32) with Microsoft SMTP Server (TLS) id 14.3.301.0; Thu, 7 Sep 2017 16:19:32 +0100
Received: from DGGEML502-MBX.china.huawei.com ([169.254.2.131]) by DGGEML401-HUB.china.huawei.com ([fe80::89ed:853e:30a9:2a79%31]) with mapi id 14.03.0301.000; Thu, 7 Sep 2017 23:19:26 +0800
From: "Xialiang (Frank)" <frank.xialiang@huawei.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
CC: "sacm@ietf.org" <sacm@ietf.org>
Thread-Topic: [sacm] new drafts about network infrastructure device's security baseline:
Thread-Index: AdMnr9yvyzoNHtmhQXuBvOw9Rg6/RP//p7oAgADR7vo=
Date: Thu, 07 Sep 2017 15:19:25 +0000
Message-ID: 774AA6DE-742C-4D8E-BDAA-388FBEE24D66
References: <C02846B1344F344EB4FAA6FA7AF481F12BB67B58@DGGEML502-MBX.china.huawei.com>, <ED403921-DD5F-4610-8ED2-BBE5C405A212@sit.fraunhofer.de>
In-Reply-To: <ED403921-DD5F-4610-8ED2-BBE5C405A212@sit.fraunhofer.de>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Content-Type: multipart/mixed; boundary="_004_774AA6DE742C4D8EBDAA388FBEE24D66_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020206.59B16387.00D8, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.2.131, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 9aa7379877041b57e3d9e8799d854725
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/6xI7CRBZCd2l1P-7DqtsEnBAmkQ>
Subject: Re: [sacm] new drafts about network infrastructure device's security baseline:
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Sep 2017 15:19:46 -0000

Hi Henk,
happy that you are interested in these drafts. In fact, we think this work is very suitable in the scope of SACM WG, as they are focusing on the security posture collection and assessment of network device endpoint.
So, our plan is to make all of these data models aligned with the defined SACM information model in the next step.
we appreciate any comments and helps from SACM WG.
--------------------------------------------------
Frank
Products & Solutions-Network Integration Technology Research Dept
发件人:Henk Birkholz
收件人:sacm@ietf.org,
时间:2017-09-07 18:48:37
主 题:Re: [sacm] new drafts about network infrastructure device's security baseline:

Hi Frank,

wow that is nice complementary work! But may I ask, is the a reason why u started it without me? Isn't is aligning with the i2nsf IM for monitoring? Im only curious.

Viele Grüße,

Henk

On September 7, 2017 10:04:50 AM GMT+02:00, "Xialiang (Frank)" <frank.xialiang@huawei.com> wrote:
Hi all,
We just submit 3 drafts to specify the yang data model of network infrastructure devices (i.e., router, switch, firewall, etc) security posture, or call it security baseline. Each draft covers one of the three planes of network infrastructure devices: data plane, control plane, management plane.

https://tools.ietf.org/html/draft-xia-sacm-nid-dp-security-baseline-00



https://tools.ietf.org/html/draft-dong-sacm-nid-cp-security-baseline-00



https://tools.ietf.org/html/draft-lin-sacm-nid-mp-security-baseline-00


The goal is to facilitate the collection and assessment of the overall security posture of the network infrastructure devices, in order to realize the whole lifecycle security automation for the infrastructure network.
Your comments are warmly welcome!


B.R.
Frank

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

v2.23.0 | Report a Bug | By Email