Hi Mikael,

On 11/11/14 21:05, Mikael Abrahamsson wrote:
> I keep running into people who have never heard of the excellent
> document that Torbjörn Eklöv has created over time. It came out of work
> to create requirements and certification for access networks, one large
> reason was to assure a secure end user connection that didn't have MITM
> and spoofing problems.
> 
> The main site is here:
> 
> http://secureenduserconnection.se/
> 
> Direct link to the current version of the document:
> 
> http://secureenduserconnection.se/wp-content/uploads/2012/02/SEC-Secure-End-user-Connection-2014-05-30.pdf
> 
> 
> I recommend everybody looking for information and requirements on how to
> create a secure network to read this document. It's very comprehensive.

Thank you for this reference to this comprehensive work.  By its
completeness, the document could be a basis for a number of BCOPs.

For the IPv4 and IPv6 address spoofing, the document suggests using
access filtering based on an IPv4/6 address whitelist table on customer
ports.  For IPv6 it gives examples to build such a whitelist table, but
I see in the edit history, they removed such examples for IPv4.  I will
check if the examples are still in previous versions of the document.

Good topic for ongoing discussions now we start thinking of TCP FastOpen
(https://tools.ietf.org/html/draft-ietf-tcpm-fastopen) and UDP gained
new interest as an alternative to surf the web
(https://ripe69.ripe.net/wp-content/uploads/presentations/166-quic.v0.1.pdf).

Cheers,

-- Benno


-- 
Benno J. Overeinder
NLnet Labs
http://www.nlnetlabs.nl/
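
The per-port address whitelist filtering mentioned in the message above, as an added sketch that is not taken from the SEC document or from either author. The port names and addresses are constructed (documentation prefixes), and how a real access switch populates its table is not modelled here.

```python
import ipaddress

class PortSourceFilter:
    """Per-customer-port whitelist of permitted source prefixes (IPv4 and IPv6)."""

    def __init__(self):
        self._allowed = {}  # port name -> list of ip_network objects

    def permit(self, port, prefix):
        # strict=True rejects prefixes with host bits set (e.g. 192.0.2.1/24),
        # so a typo cannot silently widen what the port is allowed to source.
        net = ipaddress.ip_network(prefix, strict=True)
        self._allowed.setdefault(port, []).append(net)

    def check(self, port, src):
        """Return True if a packet with source address src may enter on port."""
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            return False  # unparsable source address: drop
        # Default deny: a port without entries forwards nothing.
        for net in self._allowed.get(port, ()):
            # An IPv4 source is only compared with IPv4 entries, IPv6 with IPv6.
            if net.version == addr.version and addr in net:
                return True
        return False

def build_sample_filter():
    """Constructed table: one IPv4 host address and one IPv6 /56 per customer port."""
    f = PortSourceFilter()
    f.permit("cust-port-1", "192.0.2.10/32")
    f.permit("cust-port-1", "2001:db8:100::/56")
    f.permit("cust-port-2", "192.0.2.11/32")
    f.permit("cust-port-2", "2001:db8:200::/56")
    return f

def verdicts(flt, packets):
    """Map each (port, source) pair to 'forward' or 'drop'."""
    return [(p, s, "forward" if flt.check(p, s) else "drop") for p, s in packets]

if __name__ == "__main__":
    sample = [  # constructed (ingress port, source address) pairs
        ("cust-port-1", "192.0.2.10"),         # own IPv4 address
        ("cust-port-1", "192.0.2.11"),         # neighbour's IPv4 address
        ("cust-port-1", "2001:db8:100:1::5"),  # inside own IPv6 prefix
        ("cust-port-1", "2001:db8:200::1"),    # neighbour's IPv6 prefix
        ("cust-port-3", "192.0.2.10"),         # port with no entries
    ]
    for port, src, verdict in verdicts(build_sample_filter(), sample):
        print(f"{port:12} {src:20} {verdict}")
```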
