Web-based Imaging Management Services: WIMS> Some WIMS secur

WIMS> Some WIMS security requirements

From: McDonald, Ira (imcdonald@sharplabs.com)
Date: Sat Feb 05 2005 - 17:03:08 EST


    Hi, Saturday (5 February 2005)

    Here's a rough draft of some WIMS security requirements, with a brief
    rationale for each requirement.

    In the past, we had decided that WIMS must create and maintain users,
    groups, accounts, roles, etc. (at least to the extent of the End User,
    Operator, Administrator roles used in IPP/1.1 security requirements).
    That is clearly out-of-scope for basic WIMS v1.0.

    The following minimum WIMS security requirements are in-scope:

    (1) WIMS Agents and WIMS Managers MUST NOT transfer any information
        extra-enterprise (e.g., across the public Internet) without strong
        mutual authentication of the source and target of every WIMS message
        (either by message-level security or session-level security).

    (2) WIMS Agents and WIMS Managers SHOULD NOT transfer any information
        extra-enterprise (e.g., across the public Internet) without strong
        encryption of the entire information content of every WIMS message
        (either by message-level security or session-level security).

    (3) WIMS Agents and WIMS Managers MUST NOT transfer any configuration
        information intra-enterprise without strong mutual authentication
        of the source and target of every WIMS configuration message
        (either by message-level security or session-level security).

    (4) WIMS Agents and WIMS Managers SHOULD NOT transfer any monitoring
        information intra-enterprise without strong mutual authentication
        of the source and target of every WIMS monitoring message
        (either by message-level security or session-level security).

    Rationale for each requirement above:

    (1) IP source address spoofing and IP target address interception and
        redirection are trivially easy, with freely available hacker tools,
        so HTTP without TLS or SMTP without SMIME/PGP are unacceptable for
        extra-enterprise communications.

    (2) WIMS monitoring information transferred in cleartext over the public
        Internet exposes considerable detail about the customer's network
        that is useful to attackers.

    (3) SNMPv1/v2 are NOT currently used for intra-enterprise configuration
        because of the significant threat of network corruption - all
        responsible security professionals recommend the restriction of
        intra-enterprise configuration to protocols with strong mutual
        authentication.

    (4) The transfer of intra-enterprise accounting information without
        strong mutual authentication makes verifiable billing impossible.

    Comments?

    Cheers,
    - Ira

    Ira McDonald (Musician / Software Architect)
    Blue Roof Music / High North Inc
    PO Box 221 Grand Marais, MI 49839
    phone: +1-906-494-2434
    email: imcdonald@sharplabs.com
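
Requirements (1) to (4) as a send-time check, written as an added illustration that is not part of the original message or of any WIMS specification. The names `Scope`, `Kind`, `listener_properties` and `evaluate` are hypothetical, and treating Python's default TLS cipher suites as "strong encryption" is an assumption; the point shown is that a TLS listener built with library defaults encrypts the session but does not authenticate the peer.

```python
import ssl
from enum import Enum

class Scope(Enum):
    EXTRA = "extra-enterprise"   # e.g. across the public Internet
    INTRA = "intra-enterprise"

class Kind(Enum):
    CONFIGURATION = "configuration"
    MONITORING = "monitoring"

def listener_properties(ctx):
    """(mutual_auth, encrypted) for a TLS listener context; None means cleartext."""
    if ctx is None:
        return False, False
    # The listener proves itself with its own certificate. The peer is only
    # authenticated when the listener demands and verifies a client certificate.
    # Assumption: the library's default cipher suites count as strong encryption.
    return ctx.verify_mode == ssl.CERT_REQUIRED, True

def evaluate(scope, kind, ctx):
    """Return (allowed, findings): a MUST NOT violation blocks, a SHOULD NOT warns."""
    mutual_auth, encrypted = listener_properties(ctx)
    findings = []
    if scope is Scope.EXTRA:
        if not mutual_auth:
            findings.append("MUST (1)")
        if not encrypted:
            findings.append("SHOULD (2)")
    elif not mutual_auth:
        findings.append("MUST (3)" if kind is Kind.CONFIGURATION else "SHOULD (4)")
    allowed = not any(f.startswith("MUST") for f in findings)
    return allowed, findings

def server_only_tls():
    # Library default for a listener: clients are not asked for a certificate.
    return ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)

def mutual_tls():
    # A deployment would also call load_cert_chain() and load_verify_locations()
    # with its own key material; omitted so the example runs without files.
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.verify_mode = ssl.CERT_REQUIRED  # reject peers without a verifiable certificate
    return ctx
```
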


