RFC 3871 Operational Security Requirements September 2004
       2.5.3.  Ability to Control Service Bindings for
               Listening Services. . . . . . . . . . . . . . . 30
       2.5.4.  Ability to Control Service Source Addresses . . 31
       2.5.5.  Support Automatic Anti-spoofing for
               Single-Homed Networks . . . . . . . . . . . . . 32
       2.5.6.  Support Automatic Discarding Of Bogons and
               Martians. . . . . . . . . . . . . . . . . . . . 33
       2.5.7.  Support Counters For Dropped Packets. . . . . . 34
   2.6.  Rate Limiting Requirements . . . . . . . . . . . . . . . 35
       2.6.1.  Support Rate Limiting . . . . . . . . . . . . . 35
       2.6.2.  Support Directional Application Of Rate
               Limiting Per Interface. . . . . . . . . . . . . 36
       2.6.3.  Support Rate Limiting Based on State. . . . . . 36
   2.7.  Basic Filtering Capabilities . . . . . . . . . . . . . . 37
       2.7.1.  Ability to Filter Traffic . . . . . . . . . . . 37
       2.7.2.  Ability to Filter Traffic TO the Device . . . . 37
       2.7.3.  Ability to Filter Traffic THROUGH the Device. . 38
       2.7.4.  Ability to Filter Without Significant
               Performance Degradation . . . . . . . . . . . . 38
       2.7.5.  Support Route Filtering . . . . . . . . . . . . 39
       2.7.6.  Ability to Specify Filter Actions . . . . . . . 40
       2.7.7.  Ability to Log Filter Actions . . . . . . . . . 40
   2.8.  Packet Filtering Criteria. . . . . . . . . . . . . . . . 41
       2.8.1.  Ability to Filter on Protocols. . . . . . . . . 41
       2.8.2.  Ability to Filter on Addresses. . . . . . . . . 42
       2.8.3.  Ability to Filter on Protocol Header Fields . . 42
       2.8.4.  Ability to Filter Inbound and Outbound. . . . . 43
   2.9.  Packet Filtering Counter Requirements. . . . . . . . . . 43
       2.9.1.  Ability to Accurately Count Filter Hits . . . . 43
       2.9.2.  Ability to Display Filter Counters. . . . . . . 44
       2.9.3.  Ability to Display Filter Counters per Rule . . 45
       2.9.4.  Ability to Display Filter Counters per Filter
               Application . . . . . . . . . . . . . . . . . . 45
       2.9.5.  Ability to Reset Filter Counters. . . . . . . . 46
       2.9.6.  Filter Counters Must Be Accurate. . . . . . . . 47
   2.10. Other Packet Filtering Requirements . . . . . . . . . . 47
       2.10.1. Ability to Specify Filter Log Granularity . . . 47
   2.11. Event Logging Requirements . . . . . . . . . . . . . . . 48
       2.11.1. Logging Facility Uses Protocols Subject To
               Open Review . . . . . . . . . . . . . . . . . . 48
       2.11.2. Logs Sent To Remote Servers . . . . . . . . . . 49
       2.11.3. Ability to Select Reliable Delivery . . . . . . 49
       2.11.4. Ability to Log Locally. . . . . . . . . . . . . 50
       2.11.5. Ability to Maintain Accurate System Time. . . . 50
       2.11.6. Display Timezone And UTC Offset . . . . . . . . 51
       2.11.7. Default Timezone Should Be UTC. . . . . . . . . 52
       2.11.8. Logs Must Be Timestamped. . . . . . . . . . . . 52
       2.11.9. Logs Contain Untranslated IP Addresses. . . . . 53
Jones Informational [Page 3]