Hi OPSAWG experts,

We have a new draft (draft-hu-opsawg-sec-config-yang-00) that focuses on 
security configuration checks for network devices. It comes from real problems 
and requirements on the live network. Weak or incorrect configurations are the 
main factors in network insecurity. Insecure configurations can easily be 
exploited by attackers to launch a network intrusion. Security configuration 
checks can reduce network security risks during the usage of devices. The first step 
of the security configuration check is to collect security configuration 
information from devices. Then, the value of the collected configuration item 
will be compared with the security configuration benchmark to determine whether 
the configuration item is secure. The security configuration benchmark is the 
recommended value of the configuration item to ensure basic device security.

This draft attempts to define the model of the security configurations to be 
collected (currently, weak algorithms, insecure protocols, insecure feature 
status, short key length and unchanged default settings are included) and how 
to obtain them through the NETCONF/YANG mechanism. 

This draft is essentially a specific requirement and solution for security O&M. 
Because it is relatively unique, we submit it to the OPSAWG WG and hope to get 
help and comments from the experts here.

Thanks a lot!

B.R.
Lei YAN

-----Original Message-----
From: internet-dra...@ietf.org <internet-dra...@ietf.org> 
Sent: Tuesday, October 22, 2024 4:10 AM
To: i-d-annou...@ietf.org
Subject: I-D Action: draft-hu-opsawg-sec-config-yang-00.txt

Internet-Draft draft-hu-opsawg-sec-config-yang-00.txt is now available.

   Title:   YANG Data Models for Security Configuration Check
   Authors: Feifei HU
            Yu HUANG
            Lei YAN
   Name:    draft-hu-opsawg-sec-config-yang-00.txt
   Pages:   16
   Dates:   2024-10-21

Abstract:

   Security configuration refers to the status setting of product
   security features/functions to reduce network security risks during
   product use.  This document defines YANG data models for the security
   configuration check.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-hu-opsawg-sec-config-yang/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-hu-opsawg-sec-config-yang-00.html

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
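
The collect-then-compare check described in the mail above, sketched as an added example that is not part of the original message or of the draft. The item names, the benchmark values and the flat dictionary standing in for data retrieved over NETCONF are all constructed assumptions; the draft's own YANG node names are not used here.

```python
# Added illustration: item names and benchmark values are constructed, not the draft's.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    category: str   # one of the five categories named in the mail
    kind: str       # "deny", "equals", "min" or "differs"
    value: object   # deny-list, expected value, minimum, or factory default

# Hypothetical benchmark: the recommended value for each configuration item.
BENCHMARK = {
    "ssh/ciphers":       Rule("weak-algorithm", "deny", {"3des-cbc", "arcfour"}),
    "mgmt/protocols":    Rule("insecure-protocol", "deny", {"telnet", "ftp"}),
    "ssh/root-login":    Rule("insecure-feature-status", "equals", False),
    "ssh/host-key-bits": Rule("short-key-length", "min", 2048),
    "snmp/community":    Rule("unchanged-default", "differs", "public"),
}

def check_item(rule, value):
    """Return None if the value meets the benchmark, else a reason string."""
    if rule.kind == "deny":
        bad = sorted(set(value) & rule.value)
        return f"disallowed values {bad}" if bad else None
    if rule.kind == "equals":
        return None if value == rule.value else f"expected {rule.value!r}, got {value!r}"
    if rule.kind == "min":
        return None if value >= rule.value else f"{value} is below minimum {rule.value}"
    if rule.kind == "differs":
        return "still set to default" if value == rule.value else None
    raise ValueError(f"unknown rule kind {rule.kind!r}")

def check_device(collected):
    """Compare collected items with BENCHMARK; a missing item is a finding, not a pass."""
    findings = []
    for item, rule in BENCHMARK.items():
        reason = check_item(rule, collected[item]) if item in collected else "not collected"
        if reason:
            findings.append((item, rule.category, reason))
    return findings

# Constructed sample of values collected from one device.
SAMPLE = {"ssh/ciphers": ["aes256-gcm", "3des-cbc"], "mgmt/protocols": ["ssh", "telnet"],
          "ssh/root-login": False, "ssh/host-key-bits": 1024}

if __name__ == "__main__":
    for item, category, reason in check_device(SAMPLE):
        print(f"{category:25} {item:20} {reason}")
```

Treating an item that was not collected as a finding keeps a device that fails to report a value from silently passing the check.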

