Meetings:
30th IETF, 31st IETF, 32nd IETF, 33rd IETF, 34th IETF, 35th IETF, 36th IETF, 38th IETF, 39th IETF,
40th IETF, 41st IETF, 43rd IETF, 44th IETF, 45th IETF and 46th IETF

43rd IETF, Orlando, Fl. - December 1998

Guidelines and Recommendations for Incident Processing (GRIP)

1. Modifying the draft

The current draft is draft-ietf-grip-isp-06.txt. It has been posted on the GRIP mailing list on Dec, 3rd, but is not available on the IETF ftp site due to short time.

Some people in the groups thinks the current draft is too long, not really adapted to a specific reader. We are facing the need to split the document into separate documents.

Three drafts will be created:

Expectations of ISPs on other ISPs :
ISP good citizenship : not just safewarding, but incidents have an effect on the entire community. How ISP need to behave.
- how to get a reaction from them e.g. cooperation on events that traverse multiple nets
Consumer checklist e.g. :
- what do you do to protect my data from your other customers
- how much multiplexing are you doing
- policy of disclosing security breaches
- privacy considerations
- channels for communicating securely
- etc.
SSH addendum for ISPs :
- technical operations of services
- security issues surrounding the way they manage and operate their network
- section 7,8,9,10

Split

It is decided to take the table of contents of the current draft and to move sections to the three new drafts.

E = Expectations of ISPs,
C = Consumer Checklist;
S = SSH Addendum for ISPs
A = All three drafts

1. Introduction

A 1.1 Conventions Used in this Document

2. Incident Response

CSE 2.1 ISPs and Security Incident Response Teams (SIRTs)

SC 2.2 Assistance with Inbound Security Incidents

SC 2.3 Assistance with Outbound or Transit Security Incidents

E 2.4 Notification of Vulnerabilities and Reporting Incidents/affected customers/

SCE 2.5 Contact Information /availability/

E 2.6 Communication and Authentication /+ policy for sharing info/

SC 2.4 /Non-disclosures - disclosure of customer info/

3. Appropriate Use Policy

CE 3.1 Announcement of Policy /, public/

CE 3.2 Sanctions

4. Protection of the Community

DELETE 4.1 Cooperation

ES 4.2 Data Protection /privacy + log (compliance w/ gov't regulation, balance to find all around the world)

S 4.3 Training /- social engineering/

E 4.4 Registry Data Maintenance (Balance, need consensus decision)

5. Network Infrastructure
ask Manos for new ideas

S 5.1 Routers

S 5.2 Switches, Terminal Servers, Modems and other Network Devices

S 5.3 Anonymous telnet and other unlogged connections

S 5.4 The Network Operation Centre (NOC) and Network Management

S 5.5 Physical Security

S 5.6 Routing Infrastructure

S 5.7 Ingress Filtering on Source Address

S 5.8 Egress Filtering on Source Address

S 5.9 Route Filtering

S 5.10 Directed Broadcast

6. Systems Infrastructure

S 6.1 Policy

S 6.2 System Management

S 6.3 Backup

S 6.4 Software Distribution

7. Domain Name Service (DNS)

CS 7.1 DNS Server Management

CS 7.2 Authoritative Domain Name Service

CS 7.3 Resolution Service/update to remove entries when no longer auth./
8. Email and Mail Services

8.1 Mail Server Administration

8.2 Secure Mail

E 8.3 Open Mail Relay

8.4 Message Submission

8.5 POP and IMAP Services futur avail & smtp-auth

9. News Service (NNTP)

S 9.1 News Server Administration

S 9.2 Article Submission

S 9.3 Control Messages

S 9.4 Newsfeed Filters
10. Web-related Services

C 10.1 Webhosting Server Administration

10.2 Server Side Programs

10.3 Data and Databases

10.4 Logs and Statistics Reporting

10.5 Push and Streaming Services

10.6 Commerce

10.7 Content Loading and Distributed Authoring

10.8 Search Engines and other tools

Overall Comments

/C include something about understanding impact of your requets/

/E global stay up to date whith new secure methods as they become avail/

/C own platform or sharing with others/

Other subjects are discussed, like the need of more than one legal authorization to perform an inquiery on more than one operator to trace a line from end-to-end.

Add /S 11 NTP to synchronise logs/

The chair encourage people to join or participate in the mailing list : grip-wg@uu.net

Please send questions, comments, and/or suggestions regarding the GRIP working group to the open mailing list grip-wg@uu.net.

All issues regarding these web pages should be directed to klaus-peter@kossakowski.de.

These pages are hosted on http://www.kossakowski.de and are provided on an "AS IS" basis without any explicite or implicite responsibility, liability, etc. (For a more fully understanding please refer to the legal statements within the Impressum, which is only available in German.)

1. Introduction
A	1.1 Conventions Used in this Document
2. Incident Response
CSE	2.1 ISPs and Security Incident Response Teams (SIRTs)
SC	2.2 Assistance with Inbound Security Incidents
SC	2.3 Assistance with Outbound or Transit Security Incidents
E	2.4 Notification of Vulnerabilities and Reporting Incidents/affected customers/
SCE	2.5 Contact Information /availability/
E	2.6 Communication and Authentication /+ policy for sharing info/
SC	2.4 /Non-disclosures - disclosure of customer info/
3. Appropriate Use Policy
CE	3.1 Announcement of Policy /, public/
CE	3.2 Sanctions
4. Protection of the Community
DELETE	4.1 Cooperation
ES	4.2 Data Protection /privacy + log (compliance w/ gov't regulation, balance to find all around the world)
S	4.3 Training /- social engineering/
E	4.4 Registry Data Maintenance (Balance, need consensus decision)
5. Network Infrastructure ask Manos for new ideas
S	5.1 Routers
S	5.2 Switches, Terminal Servers, Modems and other Network Devices
S	5.3 Anonymous telnet and other unlogged connections
S	5.4 The Network Operation Centre (NOC) and Network Management
S	5.5 Physical Security
S	5.6 Routing Infrastructure
S	5.7 Ingress Filtering on Source Address
S	5.8 Egress Filtering on Source Address
S	5.9 Route Filtering
S	5.10 Directed Broadcast
6. Systems Infrastructure
S	6.1 Policy
S	6.2 System Management
S	6.3 Backup
S	6.4 Software Distribution
7. Domain Name Service (DNS)
CS	7.1 DNS Server Management
CS	7.2 Authoritative Domain Name Service
CS	7.3 Resolution Service/update to remove entries when no longer auth./
8. Email and Mail Services
	8.1 Mail Server Administration
	8.2 Secure Mail
E	8.3 Open Mail Relay
	8.4 Message Submission
	8.5 POP and IMAP Services futur avail & smtp-auth
9. News Service (NNTP)
S	9.1 News Server Administration
S	9.2 Article Submission
S	9.3 Control Messages
S	9.4 Newsfeed Filters
10. Web-related Services
C	10.1 Webhosting Server Administration
	10.2 Server Side Programs
	10.3 Data and Databases
	10.4 Logs and Statistics Reporting
	10.5 Push and Streaming Services
	10.6 Commerce
	10.7 Content Loading and Distributed Authoring
	10.8 Search Engines and other tools
Overall Comments
/C	include something about understanding impact of your requets/
/E	global stay up to date whith new secure methods as they become avail/
/C	own platform or sharing with others/
	Other subjects are discussed, like the need of more than one legal authorization to perform an inquiery on more than one operator to trace a line from end-to-end.
Add /S	11 NTP to synchronise logs/