[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Begin Last Call on draft-ietf-opsec-current-practices-06

To: Ross Callon <rcallon@juniper.net>
Subject: Re: Begin Last Call on draft-ietf-opsec-current-practices-06
From: Russ White <riw@cisco.com>
Date: Fri, 28 Jul 2006 18:35:09 -0400
Authentication-results: rtp-dkim-2.cisco.com; header.From=riw@cisco.com; dkim=pass ( 27 extraneous bytes; sig from cisco.com verified; );
Cc: opsec@ops.ietf.org
Dkim-signature: a=rsa-sha1; q=dns; l=2423; t=1154126123; x=1154990123; c=relaxed/simple; s=rtpdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=riw@cisco.com; z=From:Russ=20White=20<riw@cisco.com> |Subject:Re=3A=20Begin=20Last=20Call=20on=20draft-ietf-opsec-current-practices-06 |To:Ross=20Callon=20<rcallon@juniper.net>; X=v=3Dcisco.com=3B=20h=3DIRMlnNoWq5t6/UZGY17bZSWcTS8=3D; b=p45AG+V+rKDQjn0lmMcqW0iliZK3kgRyqQr95cQnU4ADpAfqLxrjQijRA0GLLdz2GOEykrZh ftsj56SylIYMZ3vp5CxwzKzihVaYvjiJoWYHdRimmo23kimE/Clbr3Sw;
In-reply-to: <5.0.0.25.2.20060724165842.030a8eb0@zircon.juniper.net>
References: <5.0.0.25.2.20060724165842.030a8eb0@zircon.juniper.net>
User-agent: Thunderbird 1.5.0.5 (Windows/20060719)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Some nits, mostly...

1.1 Scope

"Securing the actual data traffic is outside the scope of the conducted
survey."

Replace with:

"The survey did not include questions on techniques used to secure data
traffic."

or some such....

==

2.1.2

"Individual users are authentication to get basic access."

I think this is just replace "authentication" with "authenticated."

==

Section 2.3

In the first sentence in the paragraph, replace "separate path as," with
"separate path than," I think.

==

The first paragraph of section 2.3.2 needs to be reworded, I think (?).
Perhaps:

"OOB is done via terminal servers located at each site, and SSH access
is used to access these terminal servers. Dial-in access is generally
configured as well, to provide access to the site when the network is
not operational. Dial-back, encrypting modems, and/or one time passwords
are generally used instead of plain dial-in services.

==

2.3.2, later on....

"....in place to change these community strings between 30-90 days."

Replace "between" with "every."

==

2.3.3

Bullet "Data Integrity," replace "noone" with "no-one."

==

2.3.3

Bullet "Auditing/Logging," this seems to be a bit awkward. Perhaps.

"Using AAA services provides an audit trail, which logs user access and
activity."

==

2.3.4

"to manage those device."

I think "device" should be plural.

==

2.4.2

Add a "the" between "in" and "process" in the last paragraph.

==

2.6.7

Replace the first sentence with:

"Images and configurations are stored on specific hosts to which users
have limited access."

or some such....

==

There might have been others that I didn't mark while I was going
through it....

Technically, it looks fine....

:-)

Russ

Ross Callon wrote:
> This begins working group last call on
> draft-ietf-opsec-current-practices-06
> "Operational Security Current Practices".  The last call will terminate two
> weeks from tomorrow (Tuesday August 8th).
> 
> Comments to the list please.
> 
> thanks, Ross

- --
riw@cisco.com CCIE <>< Grace Alone

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEypEdER27sUhU9OQRAtWdAKDGvOOrVf4k7dIAXrnTUwLfgXd6bgCg6USk
nxsgBHiiuseP4wgeOFAQcwQ=
=JbqH
-----END PGP SIGNATURE-----

References:
- Begin Last Call on draft-ietf-opsec-current-practices-06
  - From: Ross Callon <rcallon@juniper.net>

Prev by Date: xml2rfc 1.31 is out
Next by Date: Draft Opsec WG minutes from Montreal IETF
Previous by thread: Re: Begin Last Call on draft-ietf-opsec-current-practices-06
Next by thread: Re: Begin Last Call on draft-ietf-opsec-current-practices-06
Index(es):
- Date
- Thread