Operational Security Current Practices in Internet Service Provider Environments
RFC 4778
Network Working Group M. Kaeo
Request for Comments: 4778 Double Shot Security, Inc.
Category: Informational January 2007
Current Operational Security Practices in
Internet Service Provider Environments
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The IETF Trust (2007).
Abstract
This document is a survey of the current practices used in today's
large ISP operational networks to secure layer 2 and layer 3
infrastructure devices. The information listed here was gathered
from people directly responsible for defining and implementing
secure infrastructures in Internet Service Provider environments.
Kaeo Informational [Page 1]
RFC 4778 OPSEC Practices January 2007
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.2. Threat Model . . . . . . . . . . . . . . . . . . . . . . . 3
1.3. Attack Sources . . . . . . . . . . . . . . . . . . . . . . 4
1.4. Operational Security Impact from Threats . . . . . . . . . 5
1.5. Document Layout . . . . . . . . . . . . . . . . . . . . . 7
2. Protected Operational Functions . . . . . . . . . . . . . . . 8
2.1. Device Physical Access . . . . . . . . . . . . . . . . . . 8
2.2. Device Management - In-Band and Out-of-Band (OOB) . . . . 10
2.3. Data Path . . . . . . . . . . . . . . . . . . . . . . . . 16
2.4. Routing Control Plane . . . . . . . . . . . . . . . . . . 18
2.5. Software Upgrades and Configuration
Integrity/Validation . . . . . . . . . . . . . . . . . . . 22
2.6. Logging Considerations . . . . . . . . . . . . . . . . . . 26
2.7. Filtering Considerations . . . . . . . . . . . . . . . . . 29
2.8. Denial-of-Service Tracking/Tracing . . . . . . . . . . . . 30
3. Security Considerations . . . . . . . . . . . . . . . . . . . 32
4. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 32
5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 33
5.1. Normative References . . . . . . . . . . . . . . . . . . . 33
5.2. Informational References . . . . . . . . . . . . . . . . . 33
Appendix A. Protocol Specific Attacks . . . . . . . . . . . . . . 34
A.1. Layer 2 Attacks . . . . . . . . . . . . . . . . . . . . . 34
A.2. IPv4 Protocol-Based Attacks . . . . . . . . . . . . . . . 34
A.3. IPv6 Attacks . . . . . . . . . . . . . . . . . . . . . . . 36
1. Introduction
Security practices are well understood by the network operators who
have, for many years, gone through the growing pains of securing
their network infrastructures. However, no written document exists
that enumerates these security practices. Network attacks are
continually increasing, and although it is not necessarily the role
of an ISP to act as the Internet police, each ISP has to ensure that
certain security practices are followed so that its network remains
operationally available to its customers. This document is the
result of a survey conducted to find out what security practices are
currently being deployed to secure network infrastructures.
1.1. Scope
The scope for this survey is restricted to security practices that
mitigate exposure to risks with the potential to adversely impact
network availability and reliability. Securing the actual data
traffic is outside the scope of the conducted survey. This document
focuses solely on documenting currently deployed security mechanisms
for layer 2 and layer 3 network infrastructure devices. Although
primarily focused on IPv4, many of the same practices can (and
should) apply to IPv6 networks. Both IPv4 and IPv6 network
infrastructures are taken into account in this survey.
1.2. Threat Model
A threat is a potential for a security violation, which exists when
there is a circumstance, capability, action, or event that could
breach security and cause harm [RFC2828]. Every operational network
is subject to a multitude of threat actions, or attacks, i.e., an
assault on system security that derives from an intelligent act that
is a deliberate attempt to evade security services, and violate the
security policy of a system [RFC2828]. Many of the threats to a
network infrastructure occur from an instantiation (or combination)