North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Hi, we're from the government and we're here to help

  • From: Paul Ferguson
  • Date: Thu Mar 09 21:50:25 2000

At 06:18 PM 03/09/2000 -0800, Sean Donelan wrote:

>The problem is with providers without famous people and too many people,
>so they don't know each other.  If you don't already know someone at, for
>example, NTT or BT or Qwest, navigating through their public contacts
>usually doesn't get you too far.
>What may be interesting is looking at how other industries handle the

Interestingly enough, there are a couple of very useful documents
which have come out of the IETF GRIP (Guidelines and Recommendations
for Security Incident Processing) Working Group:

RFC2350 (BCP21): "Expectations for Computer Security Incident
Response", N. Brownlee,  E. Guttman, June 1998.

"Security Expectations for Internet Service Providers",
draft-ietf-grip-isp-expectations-03.txt, T. Killalea,
February 2000.

"Security Checklist for Internet Service Provider (ISP)
Consumers", draft-ietf-grip-user-02.txt, T. Hansen, June 1999.

"Site Security Handbook Addendum for ISP's",
draft-ietf-grip-ssh-add-00.txt, T. Debeaupuis, August 1999.

In fact, draft-ietf-grip-isp-expectations-03 just went to Last Call
in the IETF prior to being advanced as a BCP.

- paul