[27727] in North American Network Operators' Group
Re: Hi, we're from the government and we're here to help
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Thu Mar 9 21:49:11 2000
Message-Id: <4.2.2.20000309213818.00a33740@lint.cisco.com>
Date: Thu, 09 Mar 2000 21:44:58 -0500
To: Sean Donelan <sean@donelan.com>
From: Paul Ferguson <ferguson@cisco.com>
Cc: nanog@merit.edu
In-Reply-To: <20000310021807.4898.cpmta@c004.sfo.cp.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Errors-To: owner-nanog-outgoing@merit.edu
At 06:18 PM 03/09/2000 -0800, Sean Donelan wrote:
>The problem is with providers without famous people and too many people,
>so they don't know each other. If you don't already know someone at, for
>example, NTT or BT or Qwest, navigating through their public contacts
>usually doesn't get you too far.
>
>What may be interesting is looking at how other industries handle the
>problem.
Interestingly enough, there are a couple of very useful documents
which have come out of the IETF GRIP (Guidelines and Recommendations
for Security Incident Processing) Working Group:
RFC2350 (BCP21): "Expectations for Computer Security Incident
Response", N. Brownlee, E. Guttman, June 1998.
http://www.ietf.org/rfc/rfc2350.txt
"Security Expectations for Internet Service Providers",
draft-ietf-grip-isp-expectations-03.txt, T. Killalea,
February 2000.
http://www.ietf.org/internet-drafts/draft-ietf-grip-isp-expectations-03.txt
"Security Checklist for Internet Service Provider (ISP)
Consumers", draft-ietf-grip-user-02.txt, T. Hansen, June 1999.
http://www.ietf.org/internet-drafts/draft-ietf-grip-user-02.txt
"Site Security Handbook Addendum for ISP's",
draft-ietf-grip-ssh-add-00.txt, T. Debeaupuis, August 1999.
http://www.ietf.org/internet-drafts/draft-ietf-grip-ssh-add-00.txt
In fact, draft-ietf-grip-isp-expectations-03 just went to Last Call
in the IETF prior to being advanced as a BCP.
- paul
