[ietf-nmsec] FW: Security Requirements for Network Management
Wijnen, Bert (Bert)
bwijnen at lucent.com
Tue Dec 18 17:45:25 EST 2001
forwarded with permission from originator
Bert
-----Original Message-----
From: Davis, Terry L [mailto:terry.l.davis at boeing.com]
Sent: Wednesday, December 12, 2001 10:45 PM
To: 'stjohns at inet.org'; 'bwijnen at lucent.com'
Cc: 'case at snmp.com'
Subject: Security Requirements for Network Management
Mike/Bert
Since the discussion went to technologies immediately, some thoughts at a
high level of what an operator needs from highest priority to lowest:
- Common authentication for
    o Secure local access (laptop/terminal plugged into the RS-232 port,
      including coming in via a modem, use of the control panel)
    o Secure remote terminal access (TLS/IPSec/Other VPNs)
    o SNMP command authentication
- Operation of all remote accesses through the existing security
  infrastructure:
    o Firewalls
    o NAT units
    o VPNs
- Authorization at the command level for both CL and SNMP
    o senior tech from junior privs
    o Colo operator privs from owner privs
    o Partner/customer device status access
- Confidentiality for all remote accesses
- Integrity for all remote accesses
- Configuration state validation (something like a secured checksum)
BTW I definitely agreed with the "user friendly"! Main problems simply are
common authentication and access through the security layers.
Take care,
Terry L Davis, P.E.
Associate Technical Fellow
Digital Networks
Connexion by Boeing
Work phone: 425-393-7468
Cell phone: 206-280-3716
Email: Terry.L.Davis at Boeing.com