| draft-ietf-i2nsf-nsf-monitoring-data-model-02.txt | draft-ietf-i2nsf-nsf-monitoring-data-model-03.txt | |||
|---|---|---|---|---|
| Network Working Group J. Jeong | Network Working Group J. Jeong | |||
| Internet-Draft C. Chung | Internet-Draft C. Chung | |||
| Intended status: Standards Track Sungkyunkwan University | Intended status: Standards Track Sungkyunkwan University | |||
| Expires: May 7, 2020 S. Hares | Expires: November 8, 2020 S. Hares | |||
| L. Xia | L. Xia | |||
| Huawei | Huawei | |||
| H. Birkholz | H. Birkholz | |||
| Fraunhofer SIT | Fraunhofer SIT | |||
| November 4, 2019 | May 7, 2020 | |||
| I2NSF NSF Monitoring YANG Data Model | I2NSF NSF Monitoring YANG Data Model | |||
| draft-ietf-i2nsf-nsf-monitoring-data-model-02 | draft-ietf-i2nsf-nsf-monitoring-data-model-03 | |||
| Abstract | Abstract | |||
| This document proposes an information model and the corresponding | This document proposes an information model and the corresponding | |||
| YANG data model for monitoring Network Security Functions (NSFs) in | YANG data model for monitoring Network Security Functions (NSFs) in | |||
| the Interface to Network Security Functions (I2NSF) framework. If | the Interface to Network Security Functions (I2NSF) framework. If | |||
| the monitoring of NSFs is performed in a comprehensive way, it is | the monitoring of NSFs is performed in a comprehensive way, it is | |||
| possible to detect the indication of malicious activity, anomalous | possible to detect the indication of malicious activity, anomalous | |||
| behavior or the potential sign of denial of service attacks in a | behavior or the potential sign of denial of service attacks in a | |||
| timely manner. This monitoring functionality is based on the | timely manner. This monitoring functionality is based on the | |||
| skipping to change at page 2, line 12 ¶ | skipping to change at page 2, line 12 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on May 7, 2020. | This Internet-Draft will expire on November 8, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| skipping to change at page 3, line 43 ¶ | skipping to change at page 3, line 43 ¶ | |||
| 9. Tree Structure . . . . . . . . . . . . . . . . . . . . . . . 28 | 9. Tree Structure . . . . . . . . . . . . . . . . . . . . . . . 28 | |||
| 10. YANG Data Model . . . . . . . . . . . . . . . . . . . . . . . 37 | 10. YANG Data Model . . . . . . . . . . . . . . . . . . . . . . . 37 | |||
| 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 72 | 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 72 | |||
| 12. Security Considerations . . . . . . . . . . . . . . . . . . . 72 | 12. Security Considerations . . . . . . . . . . . . . . . . . . . 72 | |||
| 13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 73 | 13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 73 | |||
| 14. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 73 | 14. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 73 | |||
| 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 73 | 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 73 | |||
| 15.1. Normative References . . . . . . . . . . . . . . . . . . 73 | 15.1. Normative References . . . . . . . . . . . . . . . . . . 73 | |||
| 15.2. Informative References . . . . . . . . . . . . . . . . . 75 | 15.2. Informative References . . . . . . . . . . . . . . . . . 75 | |||
| Appendix A. Changes from draft-ietf-i2nsf-nsf-monitoring-data- | Appendix A. Changes from draft-ietf-i2nsf-nsf-monitoring-data- | |||
| model-01 . . . . . . . . . . . . . . . . . . . . . . 77 | model-02 . . . . . . . . . . . . . . . . . . . . . . 77 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 77 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 77 | |||
| 1. Introduction | 1. Introduction | |||
| According to [I-D.ietf-i2nsf-terminology], the interface provided by | According to [I-D.ietf-i2nsf-terminology], the interface provided by | |||
| a Network Security Function (NSF) (e.g., Firewall, IPS, Anti-DDoS, or | a Network Security Function (NSF) (e.g., Firewall, IPS, Anti-DDoS, or | |||
| Anti-Virus function) to administrative entities (e.g., Security | Anti-Virus function) to administrative entities (e.g., Security | |||
| Controller) to enable remote management (i.e., configuring and | Controller) to enable remote management (i.e., configuring and | |||
| monitoring) is referred to as an I2NSF NSF-Facing Interface | monitoring) is referred to as an I2NSF NSF-Facing Interface | |||
| skipping to change at page 19, line 36 ¶ | skipping to change at page 19, line 36 ¶ | |||
| Access logs record administrators' login, logout, and operations on a | Access logs record administrators' login, logout, and operations on a | |||
| device. By analyzing them, security vulnerabilities can be | device. By analyzing them, security vulnerabilities can be | |||
| identified. The following information should be included in an | identified. The following information should be included in an | |||
| operation report: | operation report: | |||
| o Administrator: Administrator that operates on the device | o Administrator: Administrator that operates on the device | |||
| o login_ip_address: IP address used by an administrator to log in | o login_ip_address: IP address used by an administrator to log in | |||
| o login_mode: Specifies the administrator logs in mode e.g. root, | o login_mode: Specifies the administrator logs in mode e.g. root, | |||
| user | user | |||
| o operation_type: The operation type that the administrator execute, | o operation_type: The operation type that the administrator execute, | |||
| e.g., login, logout, and configuration. | e.g., login, logout, and configuration. | |||
| o result: Command execution result | o result: Command execution result | |||
| o content: Operation performed by an administrator after login. | o content: Operation performed by an administrator after login. | |||
| 7.4.2. Resource Utilization Log | 7.4.2. Resource Utilization Log | |||
| skipping to change at page 37, line 10 ¶ | skipping to change at page 37, line 10 ¶ | |||
| +--ro module-name? string | +--ro module-name? string | |||
| +--ro severity? severity | +--ro severity? severity | |||
| Figure 1: Information Model for NSF Monitoring | Figure 1: Information Model for NSF Monitoring | |||
| 10. YANG Data Model | 10. YANG Data Model | |||
| This section introduces a YANG data model for the information model | This section introduces a YANG data model for the information model | |||
| of the NSF monitoring information model. | of the NSF monitoring information model. | |||
| <CODE BEGINS> file "ietf-i2nsf-monitor@2019-11-04.yang" | <CODE BEGINS> file "ietf-i2nsf-monitor@2020-05-07.yang" | |||
| module ietf-i2nsf-monitor { | module ietf-i2nsf-monitor { | |||
| yang-version 1.1; | yang-version 1.1; | |||
| namespace | namespace | |||
| "urn:ietf:params:xml:ns:yang:ietf-i2nsf-monitor"; | "urn:ietf:params:xml:ns:yang:ietf-i2nsf-monitor"; | |||
| prefix | prefix | |||
| iim; | iim; | |||
| import ietf-inet-types{ | import ietf-inet-types{ | |||
| prefix inet; | prefix inet; | |||
| reference | reference | |||
| "Section 4 of RFC 6991"; | "Section 4 of RFC 6991"; | |||
| skipping to change at page 38, line 11 ¶ | skipping to change at page 38, line 11 ¶ | |||
| Redistribution and use in source and binary forms, with or | Redistribution and use in source and binary forms, with or | |||
| without modification, is permitted pursuant to, and subject | without modification, is permitted pursuant to, and subject | |||
| to the license terms contained in, the Simplified BSD License | to the license terms contained in, the Simplified BSD License | |||
| set forth in Section 4.c of the IETF Trust's Legal Provisions | set forth in Section 4.c of the IETF Trust's Legal Provisions | |||
| Relating to IETF Documents | Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info). | (http://trustee.ietf.org/license-info). | |||
| This version of this YANG module is part of RFC 6087; see | This version of this YANG module is part of RFC 6087; see | |||
| the RFC itself for full legal notices."; | the RFC itself for full legal notices."; | |||
| revision "2019-11-04" { | revision "2020-05-07" { | |||
| description "The third revision"; | description "The third revision"; | |||
| reference | reference | |||
| "RFC XXXX: I2NSF NSF Monitoring YANG Data Model"; | "RFC XXXX: I2NSF NSF Monitoring YANG Data Model"; | |||
| } | } | |||
| typedef severity { | typedef severity { | |||
| type enumeration { | type enumeration { | |||
| enum high { | enum high { | |||
| description | description | |||
| "high-level"; | "high-level"; | |||
| skipping to change at page 75, line 45 ¶ | skipping to change at page 75, line 45 ¶ | |||
| <https://www.rfc-editor.org/info/rfc8446>. | <https://www.rfc-editor.org/info/rfc8446>. | |||
| 15.2. Informative References | 15.2. Informative References | |||
| [I-D.ietf-i2nsf-capability] | [I-D.ietf-i2nsf-capability] | |||
| Xia, L., Strassner, J., Basile, C., and D. Lopez, | Xia, L., Strassner, J., Basile, C., and D. Lopez, | |||
| "Information Model of NSFs Capabilities", draft-ietf- | "Information Model of NSFs Capabilities", draft-ietf- | |||
| i2nsf-capability-05 (work in progress), April 2019. | i2nsf-capability-05 (work in progress), April 2019. | |||
| [I-D.ietf-i2nsf-consumer-facing-interface-dm] | [I-D.ietf-i2nsf-consumer-facing-interface-dm] | |||
| Jeong, J., Kim, E., Ahn, T., Kumar, R., and S. Hares, | Jeong, J., Chung, C., Ahn, T., Kumar, R., and S. Hares, | |||
| "I2NSF Consumer-Facing Interface YANG Data Model", draft- | "I2NSF Consumer-Facing Interface YANG Data Model", draft- | |||
| ietf-i2nsf-consumer-facing-interface-dm-06 (work in | ietf-i2nsf-consumer-facing-interface-dm-08 (work in | |||
| progress), July 2019. | progress), March 2020. | |||
| [I-D.ietf-i2nsf-nsf-facing-interface-dm] | [I-D.ietf-i2nsf-nsf-facing-interface-dm] | |||
| Kim, J., Jeong, J., J., J., PARK, P., Hares, S., and Q. | Kim, J., Jeong, J., J., J., PARK, P., Hares, S., and Q. | |||
| Lin, "I2NSF Network Security Function-Facing Interface | Lin, "I2NSF Network Security Function-Facing Interface | |||
| YANG Data Model", draft-ietf-i2nsf-nsf-facing-interface- | YANG Data Model", draft-ietf-i2nsf-nsf-facing-interface- | |||
| dm-07 (work in progress), July 2019. | dm-08 (work in progress), November 2019. | |||
| [I-D.ietf-i2nsf-registration-interface-dm] | [I-D.ietf-i2nsf-registration-interface-dm] | |||
| Hyun, S., Jeong, J., Roh, T., Wi, S., J., J., and P. PARK, | Hyun, S., Jeong, J., Roh, T., Wi, S., J., J., and P. PARK, | |||
| "I2NSF Registration Interface YANG Data Model", draft- | "I2NSF Registration Interface YANG Data Model", draft- | |||
| ietf-i2nsf-registration-interface-dm-05 (work in | ietf-i2nsf-registration-interface-dm-08 (work in | |||
| progress), July 2019. | progress), March 2020. | |||
| [I-D.ietf-i2nsf-terminology] | [I-D.ietf-i2nsf-terminology] | |||
| Hares, S., Strassner, J., Lopez, D., Xia, L., and H. | Hares, S., Strassner, J., Lopez, D., Xia, L., and H. | |||
| Birkholz, "Interface to Network Security Functions (I2NSF) | Birkholz, "Interface to Network Security Functions (I2NSF) | |||
| Terminology", draft-ietf-i2nsf-terminology-08 (work in | Terminology", draft-ietf-i2nsf-terminology-08 (work in | |||
| progress), July 2019. | progress), July 2019. | |||
| [I-D.yang-i2nsf-nfv-architecture] | [I-D.yang-i2nsf-nfv-architecture] | |||
| Yang, H., Kim, Y., Jeong, J., and J. Kim, "I2NSF on the | Yang, H., Kim, Y., Jeong, J., and J. Kim, "I2NSF on the | |||
| NFV Reference Architecture", draft-yang-i2nsf-nfv- | NFV Reference Architecture", draft-yang-i2nsf-nfv- | |||
| architecture-05 (work in progress), July 2019. | architecture-05 (work in progress), July 2019. | |||
| [I-D.yang-i2nsf-security-policy-translation] | [I-D.yang-i2nsf-security-policy-translation] | |||
| Jeong, J., Yang, J., Chung, C., and J. Kim, "Security | Jeong, J., Yang, J., Chung, C., and J. Kim, "Security | |||
| Policy Translation in Interface to Network Security | Policy Translation in Interface to Network Security | |||
| Functions", draft-yang-i2nsf-security-policy- | Functions", draft-yang-i2nsf-security-policy- | |||
| translation-04 (work in progress), July 2019. | translation-05 (work in progress), November 2019. | |||
| [RFC3954] Claise, B., Ed., "Cisco Systems NetFlow Services Export | [RFC3954] Claise, B., Ed., "Cisco Systems NetFlow Services Export | |||
| Version 9", RFC 3954, DOI 10.17487/RFC3954, October 2004, | Version 9", RFC 3954, DOI 10.17487/RFC3954, October 2004, | |||
| <https://www.rfc-editor.org/info/rfc3954>. | <https://www.rfc-editor.org/info/rfc3954>. | |||
| [RFC6087] Bierman, A., "Guidelines for Authors and Reviewers of YANG | [RFC6087] Bierman, A., "Guidelines for Authors and Reviewers of YANG | |||
| Data Model Documents", RFC 6087, DOI 10.17487/RFC6087, | Data Model Documents", RFC 6087, DOI 10.17487/RFC6087, | |||
| January 2011, <https://www.rfc-editor.org/info/rfc6087>. | January 2011, <https://www.rfc-editor.org/info/rfc6087>. | |||
| [RFC8329] Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R. | [RFC8329] Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R. | |||
| Kumar, "Framework for Interface to Network Security | Kumar, "Framework for Interface to Network Security | |||
| Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018, | Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018, | |||
| <https://www.rfc-editor.org/info/rfc8329>. | <https://www.rfc-editor.org/info/rfc8329>. | |||
| [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", | [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", | |||
| BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, | BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, | |||
| <https://www.rfc-editor.org/info/rfc8340>. | <https://www.rfc-editor.org/info/rfc8340>. | |||
| Appendix A. Changes from draft-ietf-i2nsf-nsf-monitoring-data-model-01 | Appendix A. Changes from draft-ietf-i2nsf-nsf-monitoring-data-model-02 | |||
| The following changes are made from draft-ietf-i2nsf-nsf-monitoring- | The following changes are made from draft-ietf-i2nsf-nsf-monitoring- | |||
| data-model-01: | data-model-02: | |||
| o Section 7 is reorganized such that the subsections for the | o This version has a submission date update to maintain the active | |||
| monitored objects (i.e., event, log, and counter) of System and | status of the draft. | |||
| NSF are listed up pairwisely with a pair of System and NSF except | ||||
| alarm because alarm is a monitored object to only System. | o This version updates the version numbers of the referenced drafts. | |||
| Authors' Addresses | Authors' Addresses | |||
| Jaehoon Paul Jeong | Jaehoon Paul Jeong | |||
| Department of Computer Science and Engineering | Department of Computer Science and Engineering | |||
| Sungkyunkwan University | Sungkyunkwan University | |||
| 2066 Seobu-Ro, Jangan-Gu | 2066 Seobu-Ro, Jangan-Gu | |||
| Suwon, Gyeonggi-Do 16419 | Suwon, Gyeonggi-Do 16419 | |||
| Republic of Korea | Republic of Korea | |||
| End of changes. 17 change blocks. | ||||
| 22 lines changed or deleted | 22 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||