Operational Security Current Practices in Internet Service Provider Environments
RFC 4778
Document Type RFC - Informational (January 2007; Errata)
Author Merike Kaeo 
Last updated 2020-01-21
Stream IETF
Formats plain text html pdf htmlized with errata bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 4778 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD David Kessens
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                            M. Kaeo
Request for Comments: 4778                    Double Shot Security, Inc.
Category: Informational                                     January 2007

               Current Operational Security Practices in
                 Internet Service Provider Environments

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   This document is a survey of the current practices used in today's
   large ISP operational networks to secure layer 2 and layer 3
   infrastructure devices.  The information listed here is the result of
   information gathered from people directly responsible for defining
   and implementing secure infrastructures in Internet Service Provider
   environments.

Kaeo                         Informational                      [Page 1]
RFC 4778                    OPSEC Practices                 January 2007

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
     1.1.  Scope  . . . . . . . . . . . . . . . . . . . . . . . . . .  2
     1.2.  Threat Model . . . . . . . . . . . . . . . . . . . . . . .  3
     1.3.  Attack Sources . . . . . . . . . . . . . . . . . . . . . .  4
     1.4.  Operational Security Impact from Threats . . . . . . . . .  5
     1.5.  Document Layout  . . . . . . . . . . . . . . . . . . . . .  7
   2.  Protected Operational Functions  . . . . . . . . . . . . . . .  8
     2.1.  Device Physical Access . . . . . . . . . . . . . . . . . .  8
     2.2.  Device Management - In-Band and Out-of-Band (OOB)  . . . . 10
     2.3.  Data Path  . . . . . . . . . . . . . . . . . . . . . . . . 16
     2.4.  Routing Control Plane  . . . . . . . . . . . . . . . . . . 18
     2.5.  Software Upgrades and Configuration
           Integrity/Validation . . . . . . . . . . . . . . . . . . . 22
     2.6.  Logging Considerations . . . . . . . . . . . . . . . . . . 26
     2.7.  Filtering Considerations . . . . . . . . . . . . . . . . . 29
     2.8.  Denial-of-Service Tracking/Tracing . . . . . . . . . . . . 30
   3.  Security Considerations  . . . . . . . . . . . . . . . . . . . 32
   4.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 32
   5.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 33
     5.1.  Normative References . . . . . . . . . . . . . . . . . . . 33
     5.2.  Informational References . . . . . . . . . . . . . . . . . 33
   Appendix A.  Protocol Specific Attacks . . . . . . . . . . . . . . 34
     A.1.  Layer 2 Attacks  . . . . . . . . . . . . . . . . . . . . . 34
     A.2.  IPv4 Protocol-Based Attacks  . . . . . . . . . . . . . . . 34
     A.3.  IPv6 Attacks . . . . . . . . . . . . . . . . . . . . . . . 36

1.  Introduction

   Security practices are well understood by the network operators who
   have, for many years, gone through the growing pains of securing
   their network infrastructures.  However, there does not exist a
   written document that enumerates these security practices.  Network
   attacks are continually increasing and although it is not necessarily
   the role of an ISP to act as the Internet police, each ISP has to
   ensure that certain security practices are followed to ensure that
   their network is operationally available for their customers.  This
   document is the result of a survey conducted to find out what current
   security practices are being deployed to secure network
   infrastructures.

1.1.  Scope

   The scope for this survey is restricted to security practices that
   mitigate exposure to risks with the potential to adversely impact
   network availability and reliability.  Securing the actual data
   traffic is outside the scope of the conducted survey.  This document

Kaeo                         Informational                      [Page 2]
RFC 4778                    OPSEC Practices                 January 2007

   focuses solely on documenting currently deployed security mechanisms
   for layer 2 and layer 3 network infrastructure devices.  Although
   primarily focused on IPv4, many of the same practices can (and
   should) apply to IPv6 networks.  Both IPv4 and IPv6 network
   infrastructures are taken into account in this survey.

1.2.  Threat Model

   A threat is a potential for a security violation, which exists when
   there is a circumstance, capability, action, or event that could
   breach security and cause harm [RFC2828].  Every operational network
   is subject to a multitude of threat actions, or attacks, i.e., an
   assault on system security that derives from an intelligent act that
   is a deliberate attempt to evade security services, and violate the
   security policy of a system [RFC2828].  Many of the threats to a
   network infrastructure occur from an instantiation (or combination)
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools