A New Internet-Draft is available from the on-line Internet-Drafts directories.

        Title           : IPFIX Information Elements for logging IPSec Events
        Authors         : Tom Alexander
                          Frederic Detienne
                          Sandeep Rao
                          Thamilarasu Kandasamy
        Filename        : draft-alexander-opsawg-ipfix-ipsec-logging-00.txt
        Pages           : 29
        Date            : 2014-11-19

Abstract:
   Internet Protocol Security (IPSec) is an industry standard protocol
   suite that provides secure services for traffic between IP peers in
   the network. The purpose of IPSec is to provide key tenets of
   security that include authentication, integrity protection, access
   control and data confidentiality. The objectivities of IPSec are met
   using a collection of intertwined components namely, the security
   protocols, session and key management protocols and algorithms for
   authentication and encryption.

   An end-to-end IPSec operation is typically multi-step involving
   various technologies. There are many events in IPSec process that
   are of interest, such as - identities and connection status of
   security peers, traffic or applications being protected, access
   control and encryption policies being enforced. While many of these
   are functionally discrete, they have an impact on end-to-end IPSec
   operations. While network elements involved in IPSec process do
   provide system logs, command line interfaces and management objects
   that reflect the various states of operations, these are however
   dissevered, inconsistent and not easily favorable for analyzing,
   monitoring, auditing of end-to-end behavior.

   This document proposes an approach for common representation and
   standardization of various IPSec operational data and events using
   industry standard IPFIX information model. The IPFIX approach helps
   to store and manage data in a consistent format, also provides
   opportunity for a collector to correlate various IPSec events which
   in turn can be exploited to obtain enriched end-to-end monitoring,
   reporting and troubleshooting capabilities and provide various
   security analytics on IPSec flows such as - host identification,
   application detection, track user policy violations, protocol
   failures and so on.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-alexander-opsawg-ipfix-ipsec-logging/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-alexander-opsawg-ipfix-ipsec-logging-00

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt