Balanced Security for IPv6 Residential CPE
draft-ietf-v6ops-balanced-ipv6-security-01

Document Type: Expired Internet-Draft (v6ops WG)
Last updated: 2014-06-09 (latest revision 2013-12-06)
Replaces: draft-v6ops-vyncke-balanced-ipv6-security
Stream: IETF
Intended RFC status: (None)
WG state: WG Document
Document shepherd: No shepherd assigned
IESG state: Expired
Consensus Boilerplate: Unknown
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-ietf-v6ops-balanced-ipv6-security-01.txt

Abstract

This document describes how an IPv6 residential Customer Premise Equipment (CPE) can have a balanced security policy that allows mostly end-to-end connectivity while keeping the major threats outside of the home. It documents an existing IPv6 deployment by Swisscom, which allows all packets inbound and outbound EXCEPT on some layer-4 ports where attacks and vulnerabilities (such as weak passwords) are well known. The policy is a proposed set of rules that can be used as a default setting. The set of blocked inbound and outbound ports is expected to be updated as threats come and go.

Authors

Martin Gysi (martin.gysi@swisscom.com)
Guillaume Leclanche (guillaume.leclanche@viagenie.ca)
Eric Vyncke (evyncke@cisco.com)
Ragnar Anfinsen (ragnar.anfinsen@altibox.no)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)