IETF-63 OPSEC WG

OPSEC WG_______

Operational Security Capabilities for IP Network

Infrastructure IETF #65 - Dallas

IETF-63 OPSEC WG

Note WellAny submission to the IETF intended by the Contributor for publication

as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an "IETF Contribution". Such statements include oral statements in IETF sessions, as well as written and electronic communications made at any time or place, which are addressed to: – the IETF plenary session, – any IETF working group or portion thereof, – the IESG, or any member thereof on behalf of the IESG, – the IAB or any member thereof on behalf of the IAB, – any IETF mailing list, including the IETF list itself, any working

group or design team list, or any other list functioning under IETF auspices,

– the RFC Editor or the Internet-Drafts function All IETF Contributions are subject to the rules of RFC 3667 and RFC

3668.Statements made outside of an IETF session, mailing list or other

function, that are clearly not intended to be input to an IETF activity, group or function, are not IETF Contributions in the context of this notice.

Please consult RFC 3667 for details.

IETF-63 OPSEC WG

Front Administrativia

• Backup Minutes scribe?

• Jabber scribe? (opsec) rooms.jabber.ietf.org• When speaking:

– Please identify yourself (for the scribes)– Don’t mumble– Speak at/to/near the microphone. The audio is being

streamed out. (aka, “eat the mike”)

IETF-63 OPSEC WG

Discussion/Administratia

• Time for Discussion• Maillist:

– General Discussion: opsec@ops.ietf.org– To Subscribe: opsec-request@ops.ietf.org

In Body: subscribe– Archive: http://ops.ietf.org/lists/opsec/

IETF-63 OPSEC WG

Agenda

• 1510-1514: Introductions and Housekeeping (Pat/Ross)

• 1515-1530: Document and WG status (Ross/Pat)

• 1531-1535: Adjusted Milestones (Ross)

• 1536-1558: Profiling Capabilities (Pat)

• 16:00: Adjourn

IETF-63 OPSEC WG

Charter: Outputs

1. Framework Document• Out for review

2. Current Practices Document• Out for review

3. Individual Capability Documents• Looking for editors/reviewers

4. Profile Documents• In the future

IETF-63 OPSEC WG

Document and WG status

IETF-63 OPSEC WG

Available Documents

• Framework for Operational Security Capabilities for IP Network Infrastructure

• draft-ietf-opsec-framework-02.txt

• Security Best Practices Efforts and Documents • draft-ietf-opsec-efforts-02.txt

• Operational Security Current Practices • draft-ietf-opsec-current-practices-02.txt

• Filtering Capabilities for IP Network Infrastructure• draft-ietf-opsec-current-practices-02.txt

IETF-63 OPSEC WG

Newly Available Documents

• Miscellaneous Capabilities for IP Network Infrastructure

• draft-ietf-opsec-misc-cap-00.txt

• Network Management Access Security Capabilities • draft-ietf-opsec-nmasc-00.txt

IETF-63 OPSEC WG

Adjusted Milestones

IETF-63 OPSEC WG

Capabilities Docs in Charter

Packet Filtering

Event Logging (Management Capabilties)

In-Band management

Out-of-Band management

? Configuration and Management Interface

Authentication, Authorization & Accounting (AAA)

? Documentation and Assurance

Miscellaneous

IETF-63 OPSEC WG

Milestones - Completed

Orig New Task

1. Done Complete Charter

2. Done First draft of Framework Doc as ID

3. Done First draft of Standards Survey Doc as ID

4. Done First draft of Packet Filtering Capabilities

5. Done First draft of Network Operator CurrentSecurity Practices

6. Done First draft of In-Band management caps

7. Done First draft of Out-of-Band management caps

8. Done First draft of Miscellaneous capabilities

IETF-63 OPSEC WG

Milestones - UpcomingOrig New Task

1. Oct 04 Jul 06 First draft of Event Logging Caps2. Feb 05 Jun 06 First draft of AAA Capabilities3. Mar 05 none First draft of Deliberations Summary4. Mar 05 Feb 07 Submit Framework to IESG5. Mar 05 Nov 06 Submit Standards Survey to IESG 6. May 05 Nov 06 Submit Current Sec Prac to IESG7. Jun 05 Nov 06 Submit Packet Filtering caps to IESG8. Jun 05 Jul 07 Submit Event Logging Caps to IESG9. Aug 05 Jul 07 Submit AAA doc to IESG10.Sep 05 Jul 07 Submit Misc caps doc to IESG

IETF-63 OPSEC WG

Milestones – In FluxOrig New Task

1. Jan 05 ? 1st draft of Config & Mg Int Caps2. Feb 05 Jun 06 1st draft of Doc & Assurance caps3. May 05 ? First draft of ISP Profile 4. May 05 ? First draft of Large Enterprise Profile5. Jul 05 Mar 07 Submit In-Band mgt caps to IESG 6. Jul 05 Mar 07 Submit Out-of-Band mgt caps to IESG7. Aug 05 ? Submit Config & Mgt Interface caps

to IESG8. Sep 05 Jul 07 Submit Doc & Assurance cap to IESG 9. Dec 05 ? Submit ISP Profile to IESG 10. Dec 05 ? Submit Large Enterprise Profile to

IESG

IETF-63 OPSEC WG

Profiles

IETF-63 OPSEC WG

Profiles

• Charter:– Profile the capabilities documents for ISP and

large Enterprise environments

• We don’t need them right now… but…

• Do people still want them?– Volunteers– Ideas or outlines?– Are we missing any capability docs?

IETF-63 OPSEC WG

End