Transcript PPT Version
OPSEC WG
_______
Operational Security Capabilities
for IP Network Infrastructure
IETF #63
IETF-63 OPSEC WG
Note Well
Any submission to the IETF intended by the Contributor for publication as all or
part of an IETF Internet-Draft or RFC and any statement made within the
context of an IETF activity is considered an "IETF Contribution". Such
statements include oral statements in IETF sessions, as well as written and
electronic communications made at any time or place, which are addressed
to:
– the IETF plenary session,
– any IETF working group or portion thereof,
– the IESG, or any member thereof on behalf of the IESG,
– the IAB or any member thereof on behalf of the IAB,
– any IETF mailing list, including the IETF list itself, any working group or
design team list, or any other list functioning under IETF auspices,
– the RFC Editor or the Internet-Drafts function
All IETF Contributions are subject to the rules of RFC 3667 and RFC 3668.
Statements made outside of an IETF session, mailing list or other function, that
are clearly not intended to be input to an IETF activity, group or function, are
not IETF Contributions in the context of this notice.
Please consult RFC 3667 for details.
IETF-63 OPSEC WG
Front Administrativia
• Minutes scribe?
• Jabber scribe? (opsec) ietfxmpp.org
• When speaking:
– Please identify yourself (for the scribes)
– Don’t mumble
– Speak at/to/near the microphone. The audio is being
streamed out.
IETF-63 OPSEC WG
Agenda
1. (9:05) Agenda bashing. [1 min - Pat/Ross]
2. (9:06) General status.
[5 min - Pat/Ross ]
3. (9:11) Status of existing documents
3.1 (9:12) Framework [5 min – Pat or Ross or someone else]
3.2 (9:17) Survey of Service Provider Security Practices [10 min - Merike]
3.3 (9:27) Filtering Capabilities for IP Network Infr. [10 min - Chris Morrow]
4 (9:38) New Document(s)
4.1 A proposed new document on best practices
[10 min -- Darrel Lewis, Chris Morrow, Paul Quinn]
5. (9:48) Other business
6. (9:49) Ajourn
IETF-63 OPSEC WG
Charter: Outputs
1. Framework Document
• Out for review
2. Current Practices Document
• Out for review
3. Individual Capability Documents
• Looking for editors/reviewers
4. Profile Documents
• In the future
IETF-63 OPSEC WG
Available Documents
• Framework for Operational Security Capabilities
for IP Network Infrastructure
– draft-ietf-opsec-framework-00.txt
• Security Best Practices Efforts and Documents
– draft-ietf-opsec-efforts-01.txt
• Operational Security Current Practices
– draft-ietf-opsec-current-practices-01.txt
• Filtering Capabilities for IP Network Infrastructure
– http://www.port111.com/opsec/draft-morrow-filter-caps01.txt
IETF-63 OPSEC WG
Capabilities Docs in Charter
• Other Capabilities Documents:
Packet Filtering
Event Logging
? In-Band management
? Out-of-Band management
– Configuration and Management Interface
– Authentication, Authorization and Accounting (AAA)
– Documentation and Assurance
– Miscellaneous
IETF-63 OPSEC WG
Framework Doc.
<draft-ietf-opsec-framework-00>
IETF-63 OPSEC WG
Framework Doc
• This is a roadmap for us.
• Current version has expired
• New version – with minor mods –
upcoming.
• The goal is to keep this around until we
terminate.
IETF-63 OPSEC WG
Operational Security
Current Practices
<draft-ietf-opsec-current-practices-01>
IETF-63 OPSEC WG
Filtering Capabilities for IP
Network Infrastructure.
<draft-morrow-filter-caps-01>
IETF-63 OPSEC WG
A proposed new document on
best practices
<draft-unknown-00>
IETF-63 OPSEC WG
Discussion/Administratia
• Time for Discussion
• Maillist:
– General Discussion: [email protected]
– To Subscribe: [email protected]
In Body: subscribe
– Archive: http://ops.ietf.org/lists/opsec/
IETF-63 OPSEC WG