RFC 3871           Operational Security Requirements      September 2004

   FLASH. The device could support booting from flash memory cards.

      Simple mechanisms currently in use to protect the integrity of

      system images and data transfer include image checksums and simple

      serial file transfer protocols such as XMODEM and Kermit.

   Warnings.

      None.

2.4.6.  Support Remote Configuration Backup

   Requirement.

      The device MUST provide a means to store the system configuration

      to a remote server.  The stored configuration MUST have sufficient

      information to restore the device to its operational state at the

      time the configuration is saved.  Stored versions of the

      configuration MAY be compressed using an algorithm which is

      subject to open review, as long as the fact is clearly identified

      and the compression can be disabled.  Sensitive information such

      as passwords that could be used to compromise the security of the

      device MAY be excluded from the saved configuration.

   Justification.

      Archived configurations are essential to enable auditing and

      recovery.

   Examples.

      Possible implementations include SCP, SFTP or FTP over a secure

      channel.  See Section 2.1.1 for requirements related to secure

      communication channels for management protocols and data.

   Warnings.

      The security of the remote server is assumed, with appropriate

      measures being outside the scope of this document.

2.4.7.  Support Remote Configuration Restore

   Requirement.

      The device MUST provide a means to restore a configuration that

      was saved as described in Section 2.4.6.  The system MUST be

      restored to its operational state at the time the configuration

      was saved.

Jones                        Informational                     [Page 27]