Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

Concluded WG Operational Security Capabilities for IP Network Infrastructure (opsec)

Note: The data for concluded WGs is occasionally incorrect.

WG	Name	Operational Security Capabilities for IP Network Infrastructure
	Acronym	opsec
	Area	Operations and Management Area (ops)
	State	Concluded
	Charter	charter-ietf-opsec-05 Approved
	Document dependencies	Document dependencies Loading... Pan and zoom the dependency graph after the layout settles. Show legend Loading...
	Additional resources	Issue tracker, Wiki, Zulip Stream
Personnel	Chairs	Jen Linkova, Ron Bonica
	Area Director	Warren "Ace" Kumari
	Liaison Contacts	Gunter Van de Velde, KK Chittimaneni, Warren "Ace" Kumari
Mailing list	Address	opsec@ietf.org
	To subscribe	https://www.ietf.org/mailman/listinfo/opsec
	Archive	https://mailarchive.ietf.org/arch/browse/opsec/

Closing note for Working Group

Sadly, all good things must come to an end. OpSec was a vibrant, fun and effective working group, which has now run its course. Quoting Jen Linkova: "It's been a fantastic 16 years. The group has published 18 RFCs, making the internet (and, most importantly, IPv6) a safer and all-around more awesome place."

Final Charter for Working Group

Goals:

The OPSEC WG will document operational issues and best current practices
with regard to network security. In particular, the working group will
clarify the rationale of supporting current operational practice,
addressing gaps in currently understood best practices and clarifying
liabilities inherent in security practices where they exist.

Scope:

The scope of the OPSEC WG includes the protection and secure operation
of the forwarding, control and management planes. Documentation of
operational issues, revision of existing operational security practices
documents and proposals for new approaches to operational challenges
related to network security are in scope.

Method:

The work will result in the publication of informational or BCP RFCs.
Taxonomy or problem statement documents may provide a basis for such
documents.

Informational or Best Current Practices Documents

For each topic addressed, the working group will produce a document that
captures common practices related to secure network operation. This will
be primarily based on operational experience. A document might convey:

a threat or threats to be addressed
current practices for addressing the threat
protocols, tools and technologies extant at the time of writing that
are used to address the threat
the possibility that a solution does not exist within existing tools
or technologies

Taxonomy and Problem Statement Documents

These are documents that describe the scope of particular operational
security challenges or problem spaces without necessarily coming to
conclusions or proposing solutions. Such a document might be the
precursor to an informational or best current practices document.

While the principal input of the working group is operational experience
and needs, the output should be directed towards providing guidance to
the operators community, other working groups that develop protocols or
the protocol development community.

Non-Goals:

The OPSEC WG is will not write or modify protocols. New protocol work
must be addressed through a working group chartered for that work, or
via one of the individual submission processes. The OPSEC WG may take on
documents related to the practices of using such work.

Milestones

Date	Milestone	Associated documents
Sep 2013	Submit 'Network Reconnaissance in IPv6 Networks' document to IESG
Sep 2013	Submit 'BGP operations and security' document to IESG
Sep 2013	Submit 'DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers' document to IESG
Jul 2013	WG Last Call for 'Virtual Private Network (VPN) traffic leakages in dual-stack hosts/networks' document
Jul 2013	WG Last Call for 'DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers' document
Jul 2013	WG Last Call for 'Network Reconnaissance in IPv6 Networks' document
Jul 2013	WG Last Call for 'BGP operations and security' document
May 2013	Submit 'Using Only Link-Local Addressing Inside an IPv6 Network' document to IESG
Mar 2013	WG Last Call for 'Using Only Link-Local Addressing Inside an IPv6 Network' document
Mar 2013	Submit 'Recommendations on filtering of IPv4 packets containing IPv4 options' document to IESG
Mar 2013	Submit 'Operational Security Considerations for IPv6 Networks' document to IESG
Mar 2013	Submit 'Recommendations for filtering ICMP messages' document to IESG
Mar 2013	Submit 'Recommendations for filtering ICMP messages' document to IESG
Jan 2013	WG Last Call for 'Recommendations for filtering ICMP messages' document
Jan 2013	WG Last Call for 'Security Implications of IPv6 on IPv4 networks' document
Jan 2013	WG Last Call for 'Operational Security Considerations for IPv6 Networks' document
Jan 2013	WG Last Call for 'Recommendations on filtering of IPv4 packets containing IPv4 options' document
Dec 2012	WG Adoption of 'DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers' document
Dec 2012	WG Adoption of 'Virtual Private Network (VPN) traffic leakages in dual-stack hosts/networks' document
Dec 2012	WG Adoption of 'BGP operations and security' document
Dec 2012	WG Adoption of 'Network Reconnaissance in IPv6 Networks' document

Done milestones

Date	Milestone	Associated documents
Done	Submit Network Operator Current Security Practices to IESG
Done	First draft of Out-of-Band management capabilities
Done	First draft of In-Band management capabilities
Done	First draft of Configuration and Management Interface Capabilities
Done	First draft of Network Operator Current Security Practices
Done	First draft of Packet Filtering Capabilities
Done	First draft of Event Logging Capabilities
Done	First draft of Standards Survey Document as Internet Draft
Done	Complete Charter
Done	First draft of Framework Document as Internet Draft