In the process of reviews for draft-ietf-bier-te, I ran into
the question what the BCP are wrt. attacks via intentional misconfiguration.
A) Is this something that should be mentioned in security considerations?
I can not remember examples of misconfig attack in RFC
security considerations. At least not for common issues that I can
think of. But those would relate all to older standards. Maybe
newer standards are better. Example would be nice.
B) Do we have any guidance or even explicit specs in support
of minimizing the risk of misconfiguration attacks?
For example, the attacks in question were against misconfiguring
routing via e.g.: static routes or similar functionality directly
impacting local forwarding plane. If I built a router where there is
no such local CLI, but I would only make it available via e.g.:
authenticated NetConf, and the router infra was set up to not allow
to change this (locked down hardware so to speak), this would
significantly change the attack vector. Do we have anything like this
in any specs or even as options in YANG models?
Cheers
Toerless