Re: [sacm] Reply: new drafts about network infrastructure device's security baseline:

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Mon, 11 September 2017 21:26 UTC

In-Reply-To: <808ED0DE-508A-47FA-A9F0-CD60CF586A79@cisco.com>
References: <808ED0DE-508A-47FA-A9F0-CD60CF586A79@cisco.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Mon, 11 Sep 2017 17:26:04 -0400
Message-ID: <CAHbuEH4a5RKYED9N0Q=v3-gUOd0QnFgqnLNg-dKJpfArDQW0zQ@mail.gmail.com>
To: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
Cc: "Xialiang (Frank)" <frank.xialiang@huawei.com>, "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, "Panos Kampanakis (pkampana)" <pkampana@cisco.com>, "sacm@ietf.org" <sacm@ietf.org>, "Linqiushi (Jessica, SCC)" <linqiushi@huawei.com>, "Zhengguangying (Walker)" <zhengguangying@huawei.com>, "dongyue (D)" <dongyue6@huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/xOV1yOqGqLao4QbXaMgAjdQjwrM>
Subject: Re: [sacm] Reply: new drafts about network infrastructure device's security baseline:

On Mon, Sep 11, 2017 at 11:35 AM, Nancy Cam-Winget (ncamwing)
<ncamwing@cisco.com> wrote:
> Hi Frank,
>
>
>
> It is not clear to me why we couldn’t reference the work and attributes
> already being worked on in NETMOD and perhaps i2nsf?  While I agree that
> SACM includes network elements as endpoints, I think we can leverage work
> already being defined by other working groups.

Yes, I agree with Nancy.  If the work exists already, it should be
referenced.  YANG is the preferred method and there appears to be
direct copy and paste from IPFIX and other technologies.

Best regards,
Kathleen
>
>
>
> Warm regards, Nancy
>
>
>
>
>
>
>
> From: sacm <sacm-bounces@ietf.org> on behalf of "Xialiang (Frank)"
> <frank.xialiang@huawei.com>
> Date: Thursday, September 7, 2017 at 7:39 PM
> To: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, Panos
> Kampanakis <pkampana@cisco.com>, "sacm@ietf.org" <sacm@ietf.org>
> Cc: "Linqiushi (Jessica, SCC)" <linqiushi@huawei.com>, "Zhengguangying
> (Walker)" <zhengguangying@huawei.com>, "dongyue (D)" <dongyue6@huawei.com>
> Subject: [sacm] Reply: new drafts about network infrastructure device's
> security baseline:
>
>
>
> Hi Dave and Panos,
>
> I think Dave gives a very clear and detailed clarification about the
> definition of endpoints in SACM and the latest SACM plan, thanks.
>
>
>
> I will follow the SACM information model and the latest decision to update
> these drafts.
>
> Any comments are welcome!
>
>
>
> B.R.
>
> Frank
>
>
>
> From: Waltermire, David A. (Fed) [mailto:david.waltermire@nist.gov]
> Sent: September 8, 2017 3:01
> To: Panos Kampanakis (pkampana); Xialiang (Frank); sacm@ietf.org
> Cc: Linqiushi (Jessica, SCC); Zhengguangying (Walker); dongyue (D)
> Subject: RE: new drafts about network infrastructure device's security baseline:
>
>
>
> Panos,
>
>
>
> At the last IETF meeting we started discussing a charter update. I believe
> we are currently waiting on the chairs to start this discussion on the list.
> This will give the working group an opportunity to clarify this issue in the
> charter.
>
>
>
> As far as endpoints, the definition that has been used for endpoints in the
> SACM charter is the one from RFC 5209, which is “Any computing device that
> can be connected to a network.
>       Such devices normally are associated with a particular link layer
>       address before joining the network and potentially an IP address
>       once on the network.  This includes: laptops, desktops, servers,
>       cell phones, or any device that may have an IP address.”
>
>
>
> As most network devices are connected to networks, and often expose a
> management interface that is IP addressable, I’d say they qualify as
> endpoints. This view is also reflected in the SACM terminology, which states
> “To further clarify the [RFC5209] definition, an endpoint is any
>       physical or virtual device that may have a network address.  Note
>       that, network infrastructure devices (e.g. switches, routers,
>       firewalls), which fit the definition, are also considered to be
>       endpoints within this document.”
>
>
>
> This text squares with my original view of endpoints way back when we were
> working on the original SACM charter.
>
>
>
> Regards,
>
> Dave
>
>
>
> From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Panos Kampanakis
> (pkampana)
> Sent: Thursday, September 07, 2017 2:11 PM
> To: Xialiang (Frank) <frank.xialiang@huawei.com>; sacm@ietf.org
> Cc: Linqiushi (Jessica, SCC) <linqiushi@huawei.com>; Zhengguangying (Walker)
> <zhengguangying@huawei.com>; dongyue (D) <dongyue6@huawei.com>
> Subject: Re: [sacm] new drafts about network infrastructure device's
> security baseline:
>
>
>
> When checking the SACM charter, I do not see any references to network
> infrastructure or network elements. I believe SACM’s initial focus was on
> endpoints. Do these three drafts even fall in SACM’s charter as it is right
> now?
>
> Panos
>
>
>
>
>
> From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Xialiang (Frank)
> Sent: Thursday, September 07, 2017 4:05 AM
> To: sacm@ietf.org
> Cc: Linqiushi (Jessica, SCC) <linqiushi@huawei.com>; Zhengguangying (Walker)
> <zhengguangying@huawei.com>; dongyue (D) <dongyue6@huawei.com>
> Subject: [sacm] new drafts about network infrastructure device's security
> baseline:
>
>
>
> Hi all,
>
> We just submitted 3 drafts to specify the YANG data model of network
> infrastructure devices (i.e., router, switch, firewall, etc.) security
> posture, or call it security baseline. Each draft covers one of the three
> planes of network infrastructure devices: data plane, control plane,
> management plane.
>
> https://tools.ietf.org/html/draft-xia-sacm-nid-dp-security-baseline-00
>
>
>
> https://tools.ietf.org/html/draft-dong-sacm-nid-cp-security-baseline-00
>
>
>
> https://tools.ietf.org/html/draft-lin-sacm-nid-mp-security-baseline-00
>
>
>
> The goal is to facilitate the collection and assessment of the overall
> security posture of the network infrastructure devices, in order to realize
> the whole lifecycle security automation for the infrastructure network.
>
> Your comments are warmly welcome!
>
>
>
> B.R.
>
> Frank
>
>
>



-- 

Best regards,
Kathleen