Transcript PPT Version
OPSEC WG
_______
Operational Security Capabilities
for IP Network Infrastructure
IETF #65 - Dallas
IETF-63 OPSEC WG
Note Well
Any submission to the IETF intended by the Contributor for publication as all or
part of an IETF Internet-Draft or RFC and any statement made within the
context of an IETF activity is considered an "IETF Contribution". Such
statements include oral statements in IETF sessions, as well as written and
electronic communications made at any time or place, which are addressed
to:
– the IETF plenary session,
– any IETF working group or portion thereof,
– the IESG, or any member thereof on behalf of the IESG,
– the IAB or any member thereof on behalf of the IAB,
– any IETF mailing list, including the IETF list itself, any working group or
design team list, or any other list functioning under IETF auspices,
– the RFC Editor or the Internet-Drafts function
All IETF Contributions are subject to the rules of RFC 3667 and RFC 3668.
Statements made outside of an IETF session, mailing list or other function, that
are clearly not intended to be input to an IETF activity, group or function, are
not IETF Contributions in the context of this notice.
Please consult RFC 3667 for details.
IETF-63 OPSEC WG
Front Administrativia
• Backup Minutes scribe?
• Jabber scribe? (opsec) rooms.jabber.ietf.org
• When speaking:
– Please identify yourself (for the scribes)
– Don’t mumble
– Speak at/to/near the microphone. The audio is being
streamed out. (aka, “eat the mike”)
IETF-63 OPSEC WG
Discussion/Administratia
• Time for Discussion
• Maillist:
– General Discussion: [email protected]
– To Subscribe: [email protected]
In Body: subscribe
– Archive: http://ops.ietf.org/lists/opsec/
IETF-63 OPSEC WG
Agenda
• 1510-1514: Introductions and Housekeeping (Pat/Ross)
• 1515-1530: Document and WG status (Ross/Pat)
• 1531-1535: Adjusted Milestones (Ross)
• 1536-1558: Profiling Capabilities (Pat)
• 16:00:
Adjourn
IETF-63 OPSEC WG
Charter: Outputs
1. Framework Document
• Out for review
2. Current Practices Document
• Out for review
3. Individual Capability Documents
• Looking for editors/reviewers
4. Profile Documents
• In the future
IETF-63 OPSEC WG
Document and WG status
IETF-63 OPSEC WG
Available Documents
• Framework for Operational Security Capabilities
for IP Network Infrastructure
• draft-ietf-opsec-framework-02.txt
• Security Best Practices Efforts and Documents
• draft-ietf-opsec-efforts-02.txt
• Operational Security Current Practices
• draft-ietf-opsec-current-practices-02.txt
• Filtering Capabilities for IP Network Infrastructure
• draft-ietf-opsec-current-practices-02.txt
IETF-63 OPSEC WG
Newly Available Documents
• Miscellaneous Capabilities for IP Network
Infrastructure
• draft-ietf-opsec-misc-cap-00.txt
• Network Management Access Security Capabilities
• draft-ietf-opsec-nmasc-00.txt
IETF-63 OPSEC WG
Adjusted Milestones
IETF-63 OPSEC WG
Capabilities Docs in Charter
Packet Filtering
Event Logging
(Management Capabilties)
In-Band management
Out-of-Band management
? Configuration and Management Interface
Authentication, Authorization & Accounting (AAA)
? Documentation and Assurance
Miscellaneous
IETF-63 OPSEC WG
Milestones - Completed
Orig
1.
2.
3.
4.
5.
Done
Done
Done
Done
Done
6.
7.
8.
Done
Done
Done
New
Task
Complete Charter
First draft of Framework Doc as ID
First draft of Standards Survey Doc as ID
First draft of Packet Filtering Capabilities
First draft of Network Operator Current
Security Practices
First draft of In-Band management caps
First draft of Out-of-Band management caps
First draft of Miscellaneous capabilities
IETF-63 OPSEC WG
Milestones - Upcoming
Orig
1. Oct 04
2. Feb 05
3. Mar 05
4. Mar 05
5. Mar 05
6. May 05
7. Jun 05
8. Jun 05
9. Aug 05
10.Sep 05
New
Task
Jul 06 First draft of Event Logging Caps
Jun 06 First draft of AAA Capabilities
none
First draft of Deliberations Summary
Feb 07 Submit Framework to IESG
Nov 06 Submit Standards Survey to IESG
Nov 06 Submit Current Sec Prac to IESG
Nov 06 Submit Packet Filtering caps to IESG
Jul 07
Submit Event Logging Caps to IESG
Jul 07 Submit AAA doc to IESG
Jul 07 Submit Misc caps doc to IESG
IETF-63 OPSEC WG
Milestones – In Flux
Orig
New
Task
1. Jan 05
?
1st draft of Config & Mg Int Caps
2. Feb 05 Jun 06 1st draft of Doc & Assurance caps
3. May 05
?
First draft of ISP Profile
4. May 05
?
First draft of Large Enterprise Profile
5. Jul 05 Mar 07 Submit In-Band mgt caps to IESG
6. Jul 05 Mar 07 Submit Out-of-Band mgt caps to IESG
7. Aug 05
?
Submit Config & Mgt Interface caps
to IESG
8. Sep 05 Jul 07 Submit Doc & Assurance cap to IESG
9. Dec 05
?
Submit ISP Profile to IESG
10. Dec 05 ?
Submit Large Enterprise Profile to IESG
IETF-63 OPSEC WG
Profiles
IETF-63 OPSEC WG
Profiles
• Charter:
– Profile the capabilities documents for ISP and
large Enterprise environments
• We don’t need them right now… but…
• Do people still want them?
– Volunteers
– Ideas or outlines?
– Are we missing any capability docs?
IETF-63 OPSEC WG
End
IETF-63 OPSEC WG