Operational Security Requirements for Large Internet Service Provider (ISP) IP Network Infrastructure
RFC 3871
Document Type RFC - Informational (September 2004; No errata)
Was draft-jones-opsec (individual in gen area)
Last updated 2015-10-14
Stream IETF
Formats plain text pdf html bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 3871 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Steven Bellovin
Send notices to (None)
Email authors IPR References Referenced by Nits 
Network Working Group                                      G. Jones, Ed.
Request for Comments: 3871                         The MITRE Corporation
Category: Informational                                   September 2004

              Operational Security Requirements for Large
       Internet Service Provider (ISP) IP Network Infrastructure

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).

Abstract

   This document defines a list of operational security requirements for
   the infrastructure of large Internet Service Provider (ISP) IP
   networks (routers and switches).  A framework is defined for
   specifying "profiles", which are collections of requirements
   applicable to certain network topology contexts (all, core-only,
   edge-only...).  The goal is to provide network operators a clear,
   concise way of communicating their security requirements to vendors.

Jones                        Informational                      [Page 1]
RFC 3871           Operational Security Requirements      September 2004

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  5
       1.1.  Goals. . . . . . . . . . . . . . . . . . . . . . . . . .  5
       1.2.  Motivation . . . . . . . . . . . . . . . . . . . . . . .  5
       1.3.  Scope. . . . . . . . . . . . . . . . . . . . . . . . . .  5
       1.4.  Definition of a Secure Network . . . . . . . . . . . . .  6
       1.5.  Intended Audience. . . . . . . . . . . . . . . . . . . .  6
       1.6.  Format . . . . . . . . . . . . . . . . . . . . . . . . .  6
       1.7.  Intended Use . . . . . . . . . . . . . . . . . . . . . .  7
       1.8.  Definitions. . . . . . . . . . . . . . . . . . . . . . .  7
   2.  Functional Requirements  . . . . . . . . . . . . . . . . . . . 11
       2.1.  Device Management Requirements . . . . . . . . . . . . . 11
             2.1.1.   Support Secure Channels For Management. . . . . 11
       2.2.  In-Band Management Requirements. . . . . . . . . . . . . 12
             2.2.1.   Use Cryptographic Algorithms Subject To
                      Open Review . . . . . . . . . . . . . . . . . . 12
             2.2.2.   Use Strong Cryptography . . . . . . . . . . . . 13
             2.2.3.   Use Protocols Subject To Open Review For
                      Management. . . . . . . . . . . . . . . . . . . 14
             2.2.4.   Allow Selection of Cryptographic Parameters . . 15
             2.2.5.   Management Functions Should Have Increased
                      Priority. . . . . . . . . . . . . . . . . . . . 16
       2.3.  Out-of-Band (OoB) Management Requirements  . . . . . . . 16
             2.3.1.   Support a 'Console' Interface . . . . . . . . . 17
             2.3.2.   'Console' Communication Profile Must Support
                      Reset . . . . . . . . . . . . . . . . . . . . . 19
             2.3.3.   'Console' Requires Minimal Functionality of
                      Attached Devices. . . . . . . . . . . . . . . . 19
             2.3.4.   'Console' Supports Fall-back Authentication . . 20
             2.3.5.   Support Separate Management Plane IP
                      Interfaces. . . . . . . . . . . . . . . . . . . 21
             2.3.6.   No Forwarding Between Management Plane And Other
                      Interfaces. . . . . . . . . . . . . . . . . . . 21
       2.4.  Configuration and Management Interface Requirements. . . 22
             2.4.1.   'CLI' Provides Access to All Configuration and
                      Management Functions. . . . . . . . . . . . . . 22
             2.4.2.   'CLI' Supports Scripting of Configuration . . . 23
             2.4.3.   'CLI' Supports Management Over 'Slow' Links . . 24
             2.4.4.   'CLI' Supports Idle Session Timeout . . . . . . 25
             2.4.5.   Support Software Installation . . . . . . . . . 25
             2.4.6.   Support Remote Configuration Backup . . . . . . 27
             2.4.7.   Support Remote Configuration Restore. . . . . . 27
             2.4.8.   Support Text Configuration Files. . . . . . . . 28
       2.5.  IP Stack Requirements. . . . . . . . . . . . . . . . . . 29
             2.5.1.   Ability to Identify All Listening Services. . . 29
             2.5.2.   Ability to Disable Any and All Services . . . . 30

Jones                        Informational                      [Page 2]
RFC 3871           Operational Security Requirements      September 2004

             2.5.3.   Ability to Control Service Bindings for
                      Listening Services. . . . . . . . . . . . . . . 30
             2.5.4.   Ability to Control Service Source Addresses . . 31
             2.5.5.   Support Automatic Anti-spoofing for
                      Single-Homed Networks . . . . . . . . . . . . . 32
             2.5.6.   Support Automatic Discarding Of Bogons and
Show full document text
ISOC IETF Trust RFC Editor IRTF IESG IETF IAB IASA & IAOC IETF Tools IANA