RFC 3871 Operational Security Requirements September 2004

* Routing is symmetric.

See [RFC3704] for a discussion of related issues and mechanisms
for multihomed networks.

Spoofed Packet.

A "spoofed packet" is defined as a packet that has a source
address that does not correspond to any address assigned to the
system which sent the packet. Spoofed packets are often "bogons"
or "martians".

2. Functional Requirements

The requirements in this section are intended to list testable,
functional requirements that are needed to operate devices securely.

2.1. Device Management Requirements

2.1.1. Support Secure Channels For Management

Requirement.

The device MUST provide mechanisms to ensure end to end integrity
and confidentiality for all network traffic and protocols used to
support management functions. This MUST include at least
protocols used for configuration, monitoring, configuration backup
and restore, logging, time synchronization, authentication, and
routing.

Justification.

Integrity protection is required to ensure that unauthorized users
cannot manage the device or alter log data or the results of
management commands. Confidentiality is required so that
unauthorized users cannot view sensitive information, such as
keys, passwords, or the identity of users.

Examples.

See [RFC3631] for a current list of mechanisms that can be used to
support secure management.

Later sections list requirements for supporting in band management
(Section 2.2) and out of band management (Section 2.3) as well as
trade offs that must be weighed in considering which is
appropriate to a given situation.
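
Because these requirements are meant to be testable, the check below (an added example, not part of RFC 3871) audits a constructed inventory of a device's management protocols against Section 2.1.1. The protocol property table, the inventory format and the `audit` function are assumptions made for illustration; only the list of management functions comes from the requirement text.

```python
# Added example: audit management protocols against RFC 3871 Section 2.1.1.
REQUIRED_FUNCTIONS = (  # the functions named in the requirement text
    "configuration", "monitoring", "configuration backup and restore",
    "logging", "time synchronization", "authentication", "routing",
)

# protocol -> (integrity, confidentiality) as commonly deployed (assumed table).
PROTOCOL_PROPERTIES = {
    "telnet": (False, False),
    "ssh": (True, True),
    "snmpv3-authnopriv": (True, False),
    "sftp": (True, True),
    "syslog-tls": (True, True),
    "ntp-symmetric-key": (True, False),
    "bgp-tcp-md5": (True, False),
}

def audit(inventory):
    """Return (function, protocol, problem) findings for one device."""
    findings = []
    for function in REQUIRED_FUNCTIONS:
        protocols = inventory.get(function, [])
        if not protocols:
            findings.append((function, None, "not declared"))
        # Every enabled protocol must pass: SSH does not excuse Telnet.
        for proto in protocols:
            props = PROTOCOL_PROPERTIES.get(proto)
            if props is None:
                findings.append((function, proto, "unknown protocol"))
                continue
            if not props[0]:
                findings.append((function, proto, "no integrity"))
            if not props[1]:
                findings.append((function, proto, "no confidentiality"))
    return findings

# Constructed inventory: enabled protocols per management function.
SAMPLE_INVENTORY = {
    "configuration": ["ssh", "telnet"],
    "monitoring": ["snmpv3-authnopriv"],
    "configuration backup and restore": ["sftp"],
    "logging": ["syslog-tls"],
    "time synchronization": ["ntp-symmetric-key"],
    "routing": ["bgp-tcp-md5"],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(finding)
```
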
Jones Informational [Page 11]