Hi OPSAWG experts,

We have a new draft (draft-hu-opsawg-network-element-tsm-yang-00) that focuses on threat surface management for network devices. It comes from real problems and requirements on the live network. When a device is visible to the outside world, that is, through open ports, services, and accounts, and these exposed surfaces have weak configurations and vulnerabilities, they may be targeted by attackers and maliciously exploited, and thereby become attack surfaces. Therefore, network administrators need comprehensive, accurate, and timely visibility of this information. The corresponding technical requirements are to clearly define the management objects of the device threat surface and the corresponding model, and then to implement the management, control, and mitigation solutions.
This draft is an attempt to define the model of the device threat surface (currently, information about interfaces, services, accounts, versions, and vulnerabilities is included) and how to obtain it through the NETCONF/YANG mechanism. Previously, the closed Network Endpoint Assessment (NEA) and Security Automation and Continuous Monitoring (SACM) working groups of the IETF had similar work. There have been some recent MUD extensions (RFC 9472 -- MUD YANG extension for SBOMs and vulnerability information; ietf-opsawg-mud-tls -- MUD YANG extension for the TLS security posture of IoT devices) with similar goals and proposals. This draft is essentially a specific requirement and solution for security O&M. Because it is relatively unique, we submit it to the OPSAWG WG and hope to get help and comments from the experts here. Thanks a lot!

B.R.
Frank