nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Hi, we're from the government and we're here to help

From: Paul Ferguson <ferguson () cisco com>
Date: Thu, 09 Mar 2000 21:44:58 -0500

At 06:18 PM 03/09/2000 -0800, Sean Donelan wrote:


The problem is with providers without famous people and too many people,
so they don't know each other.  If you don't already know someone at, for
example, NTT or BT or Qwest, navigating through their public contacts
usually doesn't get you too far.

What may be interesting is looking at how other industries handle the
problem.


Interestingly enough, there are a couple of very useful documents
which have come out of the IETF GRIP (Guidelines and Recommendations
for Security Incident Processing) Working Group:

RFC2350 (BCP21): "Expectations for Computer Security Incident
Response", N. Brownlee,  E. Guttman, June 1998.
http://www.ietf.org/rfc/rfc2350.txt

"Security Expectations for Internet Service Providers",
draft-ietf-grip-isp-expectations-03.txt, T. Killalea,
February 2000.
http://www.ietf.org/internet-drafts/draft-ietf-grip-isp-expectations-03.txt

"Security Checklist for Internet Service Provider (ISP)
Consumers", draft-ietf-grip-user-02.txt, T. Hansen, June 1999.
http://www.ietf.org/internet-drafts/draft-ietf-grip-user-02.txt

"Site Security Handbook Addendum for ISP's",
draft-ietf-grip-ssh-add-00.txt, T. Debeaupuis, August 1999.
http://www.ietf.org/internet-drafts/draft-ietf-grip-ssh-add-00.txt


In fact, draft-ietf-grip-isp-expectations-03 just went to Last Call
in the IETF prior to being advanced as a BCP.

- paul
Previous By Date Next
Previous By Thread Next

Current thread: