Network Security Requirements draft

George Jones george at UU.NET
Tue Jun 18 13:56:29 UTC 2002


We (UUNET) have an internal document that we've been using for a few
years as the basis for tests of security features of equipment to be
connected to our backbone.  We're interested in making it public so
that it can be improved and so that others can use it.  You can view
the current draft at:

  http://www.port111.com/docs/draft-jones-netsec-reqs-00.html (HTML)

  or 

  http://www.port111.com/docs/draft-jones-netsec-reqs-00.txt (text)

The overall goal is an improvement in the security features of devices
implementing IP.  The means that this document tries to provide is a
clear definition of security requirements that consumers/operators of
networking gear can point to (in RFPs) to say "see, we want security
and this is what it means".

The current list of requirements is skewed to the needs of large
networks (consider the source), but it does provide a means of
defining "profiles" for specifying subsets of requirements for
different classes of devices (core, edge, ... toasters.).

Most of the requirements specify features that are generally
implemented today (logging, aaa), though some of the requirements
specify highly desirable features that are not implemented in current
products (stealthing, monitoring, sampling, etc.)

What we're requesting here is feedback from network operators and vendors
on how to make this document useful in achieving actual improvements
in security.  Specifically, we're requesting feedback/discussion on:

  * The requirements listed
  * Important requirements that are missing
  * Document structure
  * How to make it useful.

The next step will likely be submission of an Internet draft,
c.a. July 2.  Input prior to that date stands a much better chance of
being included :-)

Feel free to reply to me <george at uu.net> or reply to the list.

Thanks,
---George Jones
