RE: Begin Last Call on draft-ietf-opsec-current-practices-06
Sorry to get back to you that late, but vacation season interfered. For
the third comment, because of the distance between 2.2.2 and 2.2.4, I
believe it would have been more clear to add at the first occurrence of
the words 'community string' something like '(used in SNMPv1 and
SNMPv2c)'. I see that 07 is out, it would be nice to add this if still
possible, but it's not a show-stopper.
Dan
> -----Original Message-----
> From: Merike Kaeo [mailto:merike@doubleshotsecurity.com]
> Sent: Saturday, August 12, 2006 12:59 AM
> To: Romascanu, Dan (Dan)
> Cc: Ross Callon; opsec@ops.ietf.org
> Subject: Re: Begin Last Call on draft-ietf-opsec-current-practices-06
>
> I can modify wording as pointed out in your comments 1 and 2 below.
>
> For the third comment on SNMP, no one I talked to said anything about
> using SNMPv3 nor have any comments from ISPs mentioned it. Do you
> think I need to put more explicit text in the main 2.2.2
> section? Note that it was implied that SNMPv3 was not used in
> the additional considerations section with the following paragraph:
>
> " In instances where SNMP is used, some legacy devices only support
> SNMPv1 which then requires the provider to mandate its use across all
> infrastructure devices for operational simplicity. SNMPv2 is
> primarily deployed since it is easier to set up than v3."
>
> Thanks.
>
> - merike
>
> On Aug 7, 2006, at 1:58 AM, Romascanu, Dan ((Dan)) wrote:
>
> > Here are a few comments:
> >
> > 1. Section 1.2
> >
> >> All of the threats in any
> > network infrastructure is an instantiation or combination of the
> > following:
> >
> > I would rephrase to fix the syntax, and also to make the statement
> > less comprehensive (saying 'ALL of the threats in ANY network
> > infrastructure'
> > seems to be too strong)
> >
> > 2. Section 1.3
> >
> >> This is
> > possible if the attacker has control of a host in the
> > communications path between two victim machines or has
> > compromised the routing infrastructure to specifically arrange
> > that traffic pass through a compromised machine.
> >
> > I would mention the case when the traffic is mirrored to a
> > compromised machine.
> >
> > Also
> >
> >> Thus, if an attack depends on being
> > able to receive data, off-path hosts must first subvert the
> > topology in order to place themselves on-path. This is by no
> > means impossible but is not necessarily trivial. [RFC3552]
> >
> > Is ignoring the same potential threat of hijacking a traffic
> > mirroring capability installed for debugging, performance monitoring
> > or accounting purposes and divert traffic to a host that belongs to
> > the attacker without necessarily subverting the topology.
> >
> > 3. Section 2.2.2 - The two paragraphs that deal with SNMP refer to
> > community strings, thus they seem to be SNMPv1 and SNMPv2c oriented.
> > The current standard version is SNMPv3, which has a different
> > security framework. It's OK to refer to the older versions if this
> > is the current practice, but the text should explicitly mention this.
> >
> > Regards,
> >
> > Dan
> >
> >> -----Original Message-----
> >> From: owner-opsec@psg.com [mailto:owner-opsec@psg.com] On Behalf Of
> >> Ross Callon
> >> Sent: Monday, July 31, 2006 10:01 PM
> >> To: opsec@ops.ietf.org
> >> Subject: Re: Begin Last Call on draft-ietf-opsec-current-practices-06
> >>
> >> We will extend this for another week, until August 15th (two weeks
> >> from tomorrow), since I forgot to copy the last call to Nanog
> >> (which I just fixed).
> >>
> >> Thanks, Ross
> >>
> >>> Date: Mon, 24 Jul 2006 17:01:58 -0400
> >>> To: opsec@ops.ietf.org
> >>> From: Ross Callon <rcallon@juniper.net>
> >>> Subject: Begin Last Call on draft-ietf-opsec-current-practices-06
> >>>
> >>> This begins working group last call on
> >>> draft-ietf-opsec-current-practices-06
> >>> "Operational Security Current Practices". The last call will
> >>> terminate two weeks from tomorrow (Tuesday August 8th).
> >>>
> >>> Comments to the list please.
> >>>
> >>> thanks, Ross
> >>
> >>
> >>
> >
> >
>
>