From jis at MIT.EDU Wed Dec 12 22:17:48 2001
From: jis at MIT.EDU (Jeffrey I. Schiller)
Date: Wed, 12 Dec 2001 20:17:48 -0700
Subject: [ietf-nmsec] Testing
Message-ID: <20011212201748.B885@mit.edu>

Just testing that the list works.

From bwijnen at lucent.com Tue Dec 18 17:45:25 2001
From: bwijnen at lucent.com (Wijnen, Bert (Bert))
Date: Tue, 18 Dec 2001 23:45:25 +0100
Subject: [ietf-nmsec] FW: Security Requirements for Network Management
Message-ID: <2413FED0DFE6D111B3F90008C7FA61FB0E2645BA@nl0006exch002u.nl.lucent.com>

forwarded with permission from originator

Bert

-----Original Message-----
From: Davis, Terry L [mailto:terry.l.davis at boeing.com]
Sent: Wednesday, December 12, 2001 10:45 PM
To: 'stjohns at inet.org'; 'bwijnen at lucent.com'
Cc: 'case at snmp.com'
Subject: Security Requirements for Network Management

Mike/Bert

Since the discussion went to technologies immediately, some thoughts at a high level of what an operator needs, from highest priority to lowest:

- Common authentication for
  o Secure local access (laptop/terminal plugged into the RS-232 port, including coming in via a modem, use of the control panel)
  o Secure remote terminal access (TLS/IPSec/other VPNs)
  o SNMP command authentication
- Operation of all remote accesses through the existing security infrastructure:
  o Firewalls
  o NAT units
  o VPNs
- Authorization at the command level for both CL and SNMP
  o senior tech from junior privs
  o Colo operator privs from owner privs
  o Partner/customer device status access
- Confidentiality for all remote accesses
- Integrity for all remote accesses
- Configuration state validation (something like a secured checksum)

BTW I definitely agreed with the "user friendly"!

Main problems simply are common authentication and access through the security layers.

Take care,
Terry L Davis, P.E.
Associate Technical Fellow
Digital Networks
Connexion by Boeing
Work phone: 425-393-7468
Cell phone: 206-280-3716
Email: Terry.L.Davis at Boeing.com
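The last requirement in Terry's list, configuration state validation with "something like a secured checksum", is the one that maps most directly onto a small piece of code. The following is an added example written for this archive page, not code from the ietf-nmsec thread or from any of its participants. It shows why the checksum has to be keyed: an HMAC-SHA256 over a canonical rendering of the running configuration lets anyone holding the management key confirm that the device state is exactly what was last authorized, whereas a plain CRC or unkeyed hash can be recomputed by whoever altered the configuration. The sample configuration, the shared key and the canonical JSON form are all assumptions made for the example; real devices would use their own serialization and key provisioning.

```python
"""Configuration state validation with a keyed checksum (added example).

Illustrates the "secured checksum" requirement from the thread above.
A management station keeps an HMAC-SHA256 tag over a canonical rendering
of the running configuration and later recomputes it to detect drift or
tampering. Key, config contents and canonical form are assumptions.
"""
import hashlib
import hmac
import json

# Constructed sample configuration; field names are illustrative only.
RUNNING_CONFIG = {
    "hostname": "edge-rtr-1",
    "snmp": {"version": "3", "users": ["noc-ro"]},
    "acl": ["permit 10.0.0.0/8", "deny any"],
}

# Hypothetical shared management key; in practice provisioned out of band,
# never stored beside the configuration it protects.
MGMT_KEY = b"example-shared-key-do-not-reuse"


def canonical_bytes(config: dict) -> bytes:
    """Render the configuration deterministically.

    Sorted keys and fixed separators ensure that two equal configurations
    always produce the same bytes, so dict ordering alone can never cause
    a false tamper alarm.
    """
    return json.dumps(config, sort_keys=True, separators=(",", ":")).encode("utf-8")


def config_tag(config: dict, key: bytes) -> str:
    """Return the hex HMAC-SHA256 tag over the canonical configuration."""
    return hmac.new(key, canonical_bytes(config), hashlib.sha256).hexdigest()


def verify_config(config: dict, key: bytes, expected_tag: str) -> bool:
    """Recompute the tag and compare in constant time against the stored one."""
    return hmac.compare_digest(config_tag(config, key), expected_tag)


def tamper_demo() -> dict:
    """Exercise the four cases an operator cares about.

    Returns a dict of booleans: the authorized config and a reordered but
    equivalent copy must validate; a changed ACL line and a tag computed
    without the real key must not.
    """
    tag = config_tag(RUNNING_CONFIG, MGMT_KEY)

    # Same content, different insertion order: canonicalization makes it match.
    reordered = {
        "acl": RUNNING_CONFIG["acl"],
        "snmp": RUNNING_CONFIG["snmp"],
        "hostname": RUNNING_CONFIG["hostname"],
    }

    # One ACL line silently flipped (deep copy so the original is untouched).
    tampered = json.loads(json.dumps(RUNNING_CONFIG))
    tampered["acl"][1] = "permit any"

    # A tag produced without the management key (constructed wrong key).
    unkeyed_tag = config_tag(tampered, b"not-the-management-key")

    return {
        "original_ok": verify_config(RUNNING_CONFIG, MGMT_KEY, tag),
        "reordered_ok": verify_config(reordered, MGMT_KEY, tag),
        "tampered_ok": verify_config(tampered, MGMT_KEY, tag),
        "wrong_key_ok": verify_config(tampered, MGMT_KEY, unkeyed_tag),
    }


if __name__ == "__main__":
    for case, ok in tamper_demo().items():
        print(f"{case}: {ok}")
```

The stored tag only has value if the key stays out of reach of whoever can edit the configuration; storing key and tag on the same device under the same privileges reduces the check to an unkeyed hash. Running the block prints the four verification results, with only the authorized and the reordered configurations validating.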