[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Begin Last Call on draft-ietf-opsec-current-practices-06

To: "Ross Callon" <rcallon@juniper.net>, <opsec@ops.ietf.org>
Subject: RE: Begin Last Call on draft-ietf-opsec-current-practices-06
From: "Romascanu, Dan \(Dan\)" <dromasca@avaya.com>
Date: Mon, 7 Aug 2006 11:58:16 +0300

Here are a few comments: 

1. Section 1.2

> All of the threats in any
   network infrastructure is an instantiation or combination of the
   following:

I would rephrase to fix the syntax, and also to make the statement less
comprehensive (saying 'ALL of the threats in ANY network infrastructure'
seems to be too strong)

2. Section 1.3

> This is
      possible if the attacker has control of a host in the
      communications path between two victim machines or has compromised
      the routing infrastructure to specifically arrange that traffic
      pass through a compromised machine. 

I would mention the case when the traffic is mirrored to a compromised
machine.

Also 

> Thus, if an attack depends on being
      able to receive data, off-path hosts must first subvert the
      topology in order to place themselves on-path.  This is by no
      means impossible but is not necessarily trivial.  [RFC3552]

Is ignoring the same potential threat of hijacking a traffic mirroring
capability installed for debugging, performance monitoring or accounting
purposes and divert traffic to a host that belongs to the attacker
without necessarily subverting the topology.

3. Section 2.2.2 - The two paragraphs that deal with SNMP refer to
community strings, thus they seem to be SNMPv1 and SNMPv2c oriented. The
current standard version is SNMPv3, which has a different security
framework. It's OK to refer to the older versions if this is the current
practice, but the text should explicitly mention this.  

Regards,

Dan




 
 

> -----Original Message-----
> From: owner-opsec@psg.com [mailto:owner-opsec@psg.com] On 
> Behalf Of Ross Callon
> Sent: Monday, July 31, 2006 10:01 PM
> To: opsec@ops.ietf.org
> Subject: Re: Begin Last Call on draft-ietf-opsec-current-practices-06
> 
> We will extend this for another week, until August 15th (two 
> weeks from tomorrow), since I forgot to copy the last call to 
> Nanog (which I just fixed).
> 
> Thanks, Ross
> 
> >Date: Mon, 24 Jul 2006 17:01:58 -0400
> >To: opsec@ops.ietf.org
> >From: Ross Callon <rcallon@juniper.net>
> >Subject: Begin Last Call on draft-ietf-opsec-current-practices-06
> >
> >This begins working group last call on 
> >draft-ietf-opsec-current-practices-06
> >"Operational Security Current Practices".  The last call 
> will terminate 
> >two weeks from tomorrow (Tuesday August 8th).
> >
> >Comments to the list please.
> >
> >thanks, Ross
> 
> 
>

Follow-Ups:
- Re: Begin Last Call on draft-ietf-opsec-current-practices-06
  - From: Merike Kaeo <merike@doubleshotsecurity.com>

Prev by Date: Re: draft-lewis-infrastructure-security (Re: Draft Opsec WG minutes from Montreal IETF)
Next by Date: RE: New Draft: draft-lewis-infrastructure-security-00.txt
Previous by thread: Re: Begin Last Call on draft-ietf-opsec-current-practices-06
Next by thread: Re: Begin Last Call on draft-ietf-opsec-current-practices-06
Index(es):
- Date
- Thread