RFC 3871 Operational Security Requirements September 2004
* Use of the security feature consumes excessive resources (CPU,
memory, bandwidth).
Warnings.
Determination of compliance with this requirement involves a level
of judgement. What is "severe"? Certainly crashing is severe,
but what about a 5% loss in throughput when logging is enabled?
It should also be noted that there may be unavoidable physical
limitations such as the total capacity of a link.
2.15. Security Features Should Have Minimal Performance Impact
Requirement.
Security features specified by the requirements in this document
SHOULD be implemented with minimal impact on performance. Other
sections of this document may specify different performance
requirements (e.g., "MUST"s).
Justification.
Security features which significantly impact performance may leave
the operator with no mechanism for enforcing appropriate policy.
Examples.
If the application of filters is known to have the potential to
significantly reduce throughput for non-filtered traffic, there
will be a tendency, or in some cases a policy, not to use filters.
Assume, for example, that a new worm is released that scans random
IP addresses looking for services listening on TCP port 1433. An
operator might want to investigate to see if any of the hosts on
their networks were infected and trying to spread the worm. One
way to do this would be to put up non-blocking filters counting
and logging the number of outbound connections to TCP port 1433,
and then to block the requests that are determined to be from
infected hosts.
If any of these capabilities (filtering, counting, logging) have
the potential to impose severe performance penalties, then this
otherwise rational course of action might not be possible.
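The count, log, then block workflow described above, as an added example that is not part of RFC 3871: it reads log lines from a non-blocking filter and separates a host scanning many distinct destinations on TCP port 1433 from a host repeatedly reaching one server. The log line format, the internal prefix 192.0.2.0/24 and the threshold of four distinct destinations are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample output of a permit-and-log (non-blocking) filter.
# The line format is an assumption for this example, not a real device format.
SAMPLE_LOG = """\
2004-09-01T12:00:01Z permit tcp 192.0.2.10:3021 -> 198.51.100.7:1433
2004-09-01T12:00:01Z permit tcp 192.0.2.10:3022 -> 203.0.113.91:1433
2004-09-01T12:00:02Z permit tcp 192.0.2.10:3023 -> 198.51.100.200:1433
2004-09-01T12:00:02Z permit tcp 192.0.2.10:3024 -> 203.0.113.14:1433
2004-09-01T12:00:03Z permit tcp 192.0.2.10:3025 -> 198.51.100.66:1433
2004-09-01T12:00:03Z permit tcp 192.0.2.20:4100 -> 203.0.113.50:1433
2004-09-01T12:00:04Z permit tcp 192.0.2.20:4101 -> 203.0.113.50:1433
2004-09-01T12:00:05Z permit tcp 192.0.2.20:4102 -> 203.0.113.50:1433
2004-09-01T12:00:05Z permit tcp 192.0.2.30:5000 -> 198.51.100.7:80
2004-09-01T12:00:06Z permit tcp 192.0.2.40:5100 -> 192.0.2.50:1433
"""

LINE_RE = re.compile(
    r"^\S+ permit tcp (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def summarize(log_text, internal_net, port=1433):
    """Per internal source: outbound connection count and distinct destinations."""
    net = ipaddress.ip_network(internal_net)
    stats = defaultdict(lambda: {"connections": 0, "destinations": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != port:
            continue  # malformed line or a different service
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if src in net and dst not in net:  # outbound traffic only
            stats[str(src)]["connections"] += 1
            stats[str(src)]["destinations"].add(str(dst))
    return stats

def suspected_infected(stats, min_distinct_dsts=4):
    """Random scanning shows up as many distinct destinations, not many hits."""
    return sorted(h for h, s in stats.items()
                  if len(s["destinations"]) >= min_distinct_dsts)

if __name__ == "__main__":
    print(suspected_infected(summarize(SAMPLE_LOG, "192.0.2.0/24")))
```
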
Warnings.
Requirements for which performance is a particular concern
include: filtering, rate limiting, counters, logging and
anti-spoofing.
Jones Informational [Page 66]