Browse Prior Art Database

Recommended Internet Service Provider Security Services and Procedures (RFC3013)

IP.com Disclosure Number: IPCOM000005205D
Original Publication Date: 2000-Nov-01
Included in the Prior Art Database: 2001-Aug-17
Document File: 14 page(s) / 28K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

T. Killalea: AUTHOR

Abstract

The purpose of this document is to express what the engineering community as represented by the IETF expects of Internet Service Providers (ISPs) with respect to security.

This text was extracted from a ASCII document.
This is the abbreviated version, containing approximately 12% of the total text.

Network Working Group T. Killalea Request for Comments: 3013 neart.org BCP: 46 November 2000 Category: Best Current Practice

Recommended Internet Service Provider Security Services and Procedures

Status of this Memo

This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

Abstract

The purpose of this document is to express what the engineering community as represented by the IETF expects of Internet Service Providers (ISPs) with respect to security.

It is not the intent of this document to define a set of requirements that would be appropriate for all ISPs, but rather to raise awareness among ISPs of the community's expectations, and to provide the community with a framework for discussion of security expectations with current and prospective service providers.

Killalea Best Current Practice [Page 1]

RFC 3013 Recommended ISP Security November 2000

Table of Contents

1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 2

1.1 Conventions Used in this Document. . . . . . . . . . . . . . 3 2 Communication. . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.1 Contact Information. . . . . . . . . . . . . . . . . . . . . 3 2.2 Information Sharing. . . . . . . . . . . . . . . . . . . . . 4 2.3 Secure Channels. . . . . . . . . . . . . . . . . . . . . . . 4 2.4 Notification of Vulnerabilities and Reporting Incidents. . . 4

2.5 ISPs and Computer Security Incident Response Teams (CSIRTs). 5 3 Appropriate Use Policy . . . . . . . . . . . . . . . . . . . . . 5 3.1 Announcement of Policy . . . . . . . . . . . . . . . . . . . 6 3.2 Sanctions. . . . . . . . . . . . . . . . . . . . . . . . . . 6

3.3 Data Protection. . . . . . . . . . . . . . . . . . . . . . . 6 4 Network Infrastructure . . . . . . . . . . . . . . . . . . . . . 6 4.1 Registry Data Maintenance. . . . . . . . . . . . . . . . . . 6 4.2 Routing Infrastructure . . . . . . . . . . . . . . . . . . . 7 4.3 Ingress Filtering on Source Address. . . . . . . . . . . . . 7 4.4 Egress Filtering on Source Address . . . . . . . . . . . . . 8 4.5 Route Filtering. . . . . . . . . . . . . . . . . . . . . . . 8

4.6 Directed Broadcast . . . . . . . . . . . . . . . . . . . . . 8 5 Systems Infrastructure . . . . . . . . . . . . . . . . . . . . . 9 5.1 System Management. . . . . . . . . . . . . . . . . . . . . . 9 5.2 No Systems on Transit Networks . . . . . . . . . . . . . . . 9 5.3 Open Mail Relay. . . . . . . . . . . . . . . . . . . . . . . 9

5.4 Message Submission . . . . . . . . . . . . . . . . . . . . . 9 6 References . . . . . . . . . . . . . . . . . . . . . . . . . . .10 7 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . .12 8 Security Cons...