| yang-guidelines.txt | rfc9094_SC.txt | |||
|---|---|---|---|---|
| X. Security Considerations | 4. Security Considerations | |||
| The YANG module specified in this document defines a schema for data | The YANG module specified in this document defines a schema for data | |||
| that is designed to be accessed via network management protocols such | that is designed to be accessed via network management protocols such | |||
| as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer | as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer | |||
| is the secure transport layer, and the mandatory-to-implement secure | is the secure transport layer, and the mandatory-to-implement secure | |||
| transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer | transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer | |||
| is HTTPS, and the mandatory-to-implement secure transport is TLS | is HTTPS, and the mandatory-to-implement secure transport is TLS | |||
| [RFC8446]. | [RFC8446]. | |||
| The Network Configuration Access Control Model (NACM) [RFC8341] | The NETCONF protocol over Secure Shell (SSH) specification [RFC6242] | |||
| provides the means to restrict access for particular NETCONF or | describes a method for invoking and running NETCONF within a Secure | |||
| RESTCONF users to a preconfigured subset of all available NETCONF or | Shell (SSH) session as an SSH subsystem. The NETCONF access control | |||
| RESTCONF protocol operations and content. | model [RFC8341] provides the means to restrict access for particular | |||
| NETCONF or RESTCONF users to a preconfigured subset of all available | ||||
| -- if you have any writable data nodes (those are all the -- "config tr | NETCONF or RESTCONF protocol operations and content. | |||
| ue" nodes, and remember, that is the default) -- describe their specific se | ||||
| nsitivity or vulnerability. | ||||
| There are a number of data nodes defined in this YANG module that are | There are a number of data nodes defined in this YANG module that are | |||
| writable/creatable/deletable (i.e., config true, which is the | writable/creatable/deletable (i.e., config true, which is the | |||
| default). These data nodes may be considered sensitive or vulnerable | default). These data nodes may be considered sensitive or vulnerable | |||
| in some network environments. Write operations (e.g., edit-config) | in some network environments. Write operations (e.g., edit-config) | |||
| to these data nodes without proper protection can have a negative | to these data nodes without proper protection can have a negative | |||
| effect on network operations. These are the subtrees and data nodes | effect on network operations. Considerations in Section 8 of | |||
| and their sensitivity/vulnerability: | [RFC8795] are also applicable to their subtrees in the module defined | |||
| in this document. | ||||
| <list subtrees and data nodes and state why they are sensitive> | ||||
| -- for all YANG modules you must evaluate whether any readable data -- | ||||
| nodes (those are all the "config false" nodes, but also all other -- nodes, | ||||
| because they can also be read via operations like get or -- get-config) ar | ||||
| e sensitive or vulnerable (for instance, if they -- might reveal customer i | ||||
| nformation or violate personal privacy -- laws such as those of the Europea | ||||
| n Union if exposed to -- unauthorized parties) | ||||
| Some of the readable data nodes in this YANG module may be considered | Some of the readable data nodes in this YANG module may be considered | |||
| sensitive or vulnerable in some network environments. It is thus | sensitive or vulnerable in some network environments. It is thus | |||
| important to control read access (e.g., via get, get-config, or | important to control read access (e.g., via get, get-config, or | |||
| notification) to these data nodes. These are the subtrees and data | notification) to these data nodes. Considerations in Section 8 of | |||
| nodes and their sensitivity/vulnerability: | [RFC8795] are also applicable to their subtrees in the module defined | |||
| in this document. | ||||
| <list subtrees and data nodes and state why they are sensitive> | ||||
| -- if your YANG module has defined any rpc operations -- describe their | ||||
| specific sensitivity or vulnerability. | ||||
| Some of the RPC operations in this YANG module may be considered | ||||
| sensitive or vulnerable in some network environments. It is thus | ||||
| important to control access to these operations. These are the | ||||
| operations and their sensitivity/vulnerability: | ||||
| <list RPC operations and state why they are sensitive> | Finally, the YANG module described in this document augments the | |||
| "ietf-network" YANG module [RFC8345] and the "ietf-te-topology" YANG | ||||
| module [RFC8795] by adding data nodes. The security considerations | ||||
| for the subtrees described in those RFCs apply equally to the new | ||||
| data nodes that this module adds. | ||||
| End of changes. 6 change blocks. | ||||
| 33 lines changed or deleted | 14 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||
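Review bot: In the first change block (the access-control paragraph), the right-hand text renames "The Network Configuration Access Control Model (NACM) [RFC8341]" to "The NETCONF access control model [RFC8341]", which drops the acronym and the name the template uses; keep the template wording. The added sentence about running NETCONF as an SSH subsystem [RFC6242] repeats the transport already named in the preceding paragraph ("the mandatory-to-implement secure transport is Secure Shell (SSH) [RFC6242]") and could be merged there or dropped.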
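Review bot: In the writable-nodes paragraph, the right-hand text replaces "These are the subtrees and data nodes and their sensitivity/vulnerability:" and its list with a pointer to Section 8 of [RFC8795], so no config true node of this module is named. The template comment asks authors to describe the "specific sensitivity or vulnerability" of writable nodes; list the writable subtrees this module adds and what an unprotected edit-config to each would affect. The phrase "their subtrees" also has no clear antecedent; say whose subtrees are meant.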
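Review bot: In the readable-nodes paragraph, the right-hand text reuses the write paragraph's sentence ("Considerations in Section 8 of [RFC8795] are also applicable to their subtrees ...") word for word in place of the list of readable nodes. Exposure through get, get-config, or notification is a different risk from write access; name the readable nodes of this module that need read access control and say what they reveal, or state explicitly that none beyond those covered in [RFC8795] are sensitive.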
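Review bot: In the last change block, the RPC paragraph is removed on the right with nothing in its place; the template makes that paragraph conditional on the module defining rpc operations, so one sentence stating that the module defines none (if that is the case) would make the omission explicit. The new "Finally, ..." paragraph overlaps the two [RFC8795] pointers added in the earlier paragraphs and is the only place [RFC8345] is covered; consider consolidating the inherited considerations into this one paragraph.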