The Awards: Best network service provider security architecture

Sean Donelan sean at donelan.com
Tue Jan 21 20:07:39 UTC 2003


I've been looking at a lot of different technical security architectures
for network providers.  Obviously many providers keep their security
secret, so they may or may not have a decent security architecture.
Nevertheless there is still a lot of good information available from
government agency networks, academics and vendors.

The best network service provider security architecture document

First Place: Information Assurance Technical Framework
Second Place: The ESNET unclassified Security Plan
Third Place: University of Washington Network Security Credo

From the IATF document http://www.iatf.net/

5.1 Availability of Backbone Network

I would disagree about item #3, IP is a datagram service, and does not
protect against delay or packet drops (see item #1).  Otherwise this is a
decent list of functional security requirements for most Internet
backbone providers.  It's short, but covers the big items.

1. BNs must provide an agreed level of responsiveness, continuity of
   service and resistance to accidental or intentional corruption of the
   communications service.  (The agreement is between the owners of the
   network and the users of the network.)

2. BNs are not required to provide security services of user data
   (such as confidentiality and integrity) - that is the user's
   responsibility.

3. BNs must protect against the delay, misdelivery, or nondelivery of
   otherwise adequately protected information.

4. BNs, as a part of the end-to-end information transfer system, must
   provide the service transparently to the user.

5. As part of the transparency requirement, the BN must operate
   seamlessly with other backbones and local networks.




