IPFIX Information Elements for logging IPSec Events
draft-alexander-opsawg-ipfix-ipsec-logging-00

Document type: Expired Internet-Draft (individual), expired and archived
Authors: thalexan@cisco.com, Frederic Detienne, Sandeep Rao, Thamilarasu Kandasamy
Last updated: 2015-05-23 (latest revision 2014-11-19)
RFC stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.

Abstract

Internet Protocol Security (IPSec) is an industry-standard protocol suite that provides secure services for traffic between IP peers in the network. The purpose of IPSec is to provide key tenets of security, including authentication, integrity protection, access control and data confidentiality. The objectives of IPSec are met using a collection of intertwined components, namely the security protocols, the session and key management protocols, and the algorithms for authentication and encryption. An end-to-end IPSec operation is typically a multi-step process involving various technologies. Many events in the IPSec process are of interest, such as the identities and connection status of security peers, the traffic or applications being protected, and the access control and encryption policies being enforced. While many of these are functionally discrete, they have an impact on end-to-end IPSec operations. Network elements involved in the IPSec process do provide system logs, command line interfaces and management objects that reflect the various states of operation, but these are disjointed, inconsistent and not well suited to analyzing, monitoring and auditing end-to-end behavior.

This document proposes an approach for common representation and standardization of various IPSec operational data and events using the industry-standard IPFIX information model. The IPFIX approach helps to store and manage data in a consistent format and gives a collector the opportunity to correlate various IPSec events, which in turn can be used to obtain enriched end-to-end monitoring, reporting and troubleshooting capabilities and to provide security analytics on IPSec flows, such as host identification, application detection, tracking of user policy violations, protocol failures and so on.

Authors

thalexan@cisco.com
Frederic Detienne
Sandeep Rao
Thamilarasu Kandasamy

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)