Operational Security Requirements for Large Internet Service Provider (ISP) IP Network Infrastructure (RFC3871)

IP.com Disclosure Number: IPCOM000031090D
Original Publication Date: 2004-Sep-01
Included in the Prior Art Database: 2004-Sep-10

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

G. Jones: AUTHOR [+2]

Abstract

This document defines a list of operational security requirements for the infrastructure of large Internet Service Provider (ISP) IP networks (routers and switches). A framework is defined for specifying "profiles", which are collections of requirements applicable to certain network topology contexts (all, core-only, edge-only...). The goal is to provide network operators a clear, concise way of communicating their security requirements to vendors.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 2% of the total text.

Network Working Group                                      G. Jones, Ed.
Request for Comments: 3871                         The MITRE Corporation
Category: Informational                                   September 2004

              Operational Security Requirements for Large
       Internet Service Provider (ISP) IP Network Infrastructure

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).

Table of Contents

   1.  Introduction
       1.1.  Goals
       1.2.  Motivation
       1.3.  Scope
       1.4.  Definition of a Secure Network
       1.5.  Intended Audience
       1.6.  Format
       1.7.  Intended Use
       1.8.  Definitions
   2.  Functional Requirements
       2.1.  Device Management Requirements
             2.1.1.   Support Secure Channels For Management
       2.2.  In-Band Management Requirements
             2.2.1.   Use Cryptographic Algorithms Subject To Open Review
             2.2.2.   Use Strong Cryptography
             2.2.3.   Use Protocols Subject To Open Review For Management
             2.2.4.   Allow Selection of Cryptographic Parameters ....