[cabf_netsec] Invitation to Threat Modeling Discussion on Additional Network Security Controls
bwilson at mozilla.com
Tue Sep 1 08:02:24 MST 2020
On Mon, Aug 24, 2020 at 10:45 AM Ben Wilson <bwilson at mozilla.com> wrote:
> For the reasons outlined below, we need each CA to send someone
> knowledgeable about network security to our next Threat Modeling subgroup
> meeting, to be held on Thursday, Sept. 3rd, at 1:00 p.m. Eastern Daylight
> Time (1700 UTC). Please send me and Mariusz the name of someone who can
> attend and we'll send them an invite.
> In recent meetings of the NetSec group and the Document Restructuring
> subgroup we have discussed the "Zones" Ballot. We have referred some
> discussion to the Threat Modeling subgroup. Specifically, how do we handle
> the replacement of NCSSR section 1.e., which currently reads, "Implement
> and configure Security Support Systems that protect systems and
> communications between systems inside Secure Zones and High Security Zones,
> and communications with non-Certificate Systems outside those zones
> (including those with organizational business units that do not provide
> PKI-related services) and those on public networks"? The proposed
> replacement ("Implement and configure Security Support Systems to secure
> communications and protect Certificate Systems from attacks emanating from
> non-trusted networks") has been criticized as too weak. Can we add
> additional controls to address this issue?
> 1 - We have discussed authentication and encryption as preventative
> measures, and continuous monitoring as a detective measure. (E.g. what is
> meant by "fully authenticated", "end-to-end encryption", etc., and are
> there standards that use similar language which might be helpful?)
> 2 - We hope to focus on cloud-based networking security controls and
> similar situations where a common internal network needs to protect highly
> sensitive CA processes.
> 3 - Aside from user authentication, I also have a concern about the
> authentication/system access by non-user system accounts and system
> processes. How do we protect them from being hijacked? Should this be part
> of the discussion, too?
> In sum, how can we modify section 1.e. so that it adequately protects
> against network-based attacks?