-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathSecConsiderations.txt
64 lines (44 loc) · 2.71 KB
/
SecConsiderations.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
The YANG module specified in this document defines a schema for data that is designed to be accessed
via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF
layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell
(SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport
is TLS [RFC 8446].
The Network Configuration Access Control Model (NACM) [RFC8341] provides the means to restrict access
for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or
RESTCONF protocol operations and content.
There are a number of data nodes defined in this YANG module that are writable/creatable/deletable
(i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable
in some network environments. Write operations (e.g., edit-config) to these data nodes without proper
protection can have a negative effect on network operations. These are the subtrees and data nodes
and their sensitivity/vulnerability:
In the "ietf-softwire-ce" module:
/softwire-payload-mtu
/softwire-payload-mtu
Setting either of these nodes to a low value could result in the
need to fragment softwire traffic resultng in execesive
fragmentation processing and potential denial-of-service.
/binding/br-ipv6-addr/
/algo/algo-instances/algo-instance/encapsulation/br-ipv6-addr/
/algo/algo-instances/algo-instance/translation/dmr-ipv6-prefix/
The values of the above nodes could be changed to redirect all of the client's
traffic through an illigitamate BR, allowing the traffic to be
intercepted or otherwise interferred with.
/binding/binding-ipv6info
/algo/algo-instances/algo-instance/
The values of nodes in the above subtrees could be altered to create invalid
encapsulated packets (e.g. with an invalid source IPv4 address), which would
be dropped by the BR.
In the "ietf-softwire-br" module:
/br-instances/binding/binding-instance/softwire-payload-mtu
/br-instances/binding/binding-instance/softwire-path-mru
Setting either of these nodes to a low value could result in the
need to fragment softwire traffic resultng in execesive
fragmentation processing and potential denial-of-service.
***** NB - for some reason, we don't have the values for algo BRs. *****
/br-instances/binding/binding-instance/
/algorithm/algorithm-instance/
The values of the above nodes could be changed to reject or redirect all,
or individual client's traffic, or could be used to redirect traffic
destined to multiple hosts to a single host as a DOS attack.
Security considerations related to lw4o6, MAP-T and MAP-E are discussed in [RFC7596],
[RFC7597], and [RFC7599] respectively.