Re: [sacm] new drafts about network infrastructure device's security baseline:

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Thu, 07 September 2017 18:10 UTC

From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: "Xialiang (Frank)" <frank.xialiang@huawei.com>, "sacm@ietf.org" <sacm@ietf.org>
CC: "Linqiushi (Jessica, SCC)" <linqiushi@huawei.com>, "Zhengguangying (Walker)" <zhengguangying@huawei.com>, "dongyue (D)" <dongyue6@huawei.com>
Date: Thu, 07 Sep 2017 18:10:37 +0000
Message-ID: <4c3aa43995df46dfbded53f39a912ca9@XCH-ALN-010.cisco.com>
References: <C02846B1344F344EB4FAA6FA7AF481F12BB67B58@DGGEML502-MBX.china.huawei.com>
In-Reply-To: <C02846B1344F344EB4FAA6FA7AF481F12BB67B58@DGGEML502-MBX.china.huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/S3hcaeDaGK4juj6XrWEcHzoB7Fo>

When checking the SACM charter, I do not see any references to network infrastructure or network elements. I believe SACM's initial focus was on endpoints. Do these three drafts even fall in SACM's charter as it is right now?
Panos


From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Xialiang (Frank)
Sent: Thursday, September 07, 2017 4:05 AM
To: sacm@ietf.org
Cc: Linqiushi (Jessica, SCC) <linqiushi@huawei.com>; Zhengguangying (Walker) <zhengguangying@huawei.com>; dongyue (D) <dongyue6@huawei.com>
Subject: [sacm] new drafts about network infrastructure device's security baseline:

Hi all,
We just submitted 3 drafts to specify the YANG data model of network infrastructure devices' (i.e., router, switch, firewall, etc.) security posture, or call it security baseline. Each draft covers one of the three planes of network infrastructure devices: data plane, control plane, management plane.

https://tools.ietf.org/html/draft-xia-sacm-nid-dp-security-baseline-00
https://tools.ietf.org/html/draft-dong-sacm-nid-cp-security-baseline-00
https://tools.ietf.org/html/draft-lin-sacm-nid-mp-security-baseline-00

The goal is to facilitate the collection and assessment of the overall security posture of the network infrastructure devices, in order to realize the whole lifecycle security automation for the infrastructure network.
Your comments are warmly welcome!

B.R.
Frank