Commit bf5e0db3 authored by Valerie Aurora

Use suggestions from Jarek and Pol, simplify security profiles

parent 2aa2e96b
+59 −37
@@ -328,7 +328,7 @@ A physical network interface connects via the local communications bus to the ho

> FIXME mermaid chart temporarily removed to generate Word doc

A wired network interface transmits data via a wired medium such as Ethernet cable, fiber optic cable, coaxial cable or power lines. A wireless network interface uses radiofrequency transmissions to transmit data over the air. A virtual network interface transmits data only within the memory of a host system.
A wired network interface transmits data via a wired medium such as Ethernet cable, fiber optic cable, coaxial cable or power lines. A wireless network interface uses radiofrequency transmissions to transmit data over the air. A virtual network interface transmits data through software within the memory of a host system, sometimes across a software-defined network fabric.

Wireless network interfaces often have an independent real-time operating system on the network interface itself. Wireless medium access often requires real-time response to manage the radio frequency transmissions properly. The network interface must also prevent improper settings of radio frequency transmission parameters, which is often implemented by having the internal firmware set the parameters, rather than exposing them to the host. The complexity of this firmware may increase the risk of a wireless interface.

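Review bot: the new sentence about virtual interfaces is internally inconsistent: "within the memory of a host system" says the traffic never leaves the host, while "sometimes across a software-defined network fabric" implies it can be carried between hosts. Since the virtual use cases in 4.4.3 (UC-VI-2 through UC-VI-4) are rated "Exposed to entire internet", consider saying directly that a virtual interface is implemented in software and that its traffic may stay on one host or be forwarded onto a physical or software-defined network. The "> FIXME mermaid chart temporarily removed" placeholder is unchanged context, but it still ships with this text.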
@@ -357,42 +357,42 @@ This list of use cases describes several system scenarios for network interfaces
  * Behind a firewall/gateway, no direct route to internet
  * Users are administrators and approved (predefined, fixed) applications
  * Network interface implements performance optimizations
  * Professional administration by enterprise IT
  * Professional administration

* UC-WD-2 Wired professional device in internal infrastructure
  * E.g. switches behind edge firewall devices
  * Behind a firewall, routing filtered internet traffic
  * Users are administrators
  * Network interface implements performance optimizations
  * Professional administration by enterprise IT
  * Professional administration

* UC-WD-3 Wired professional edge device or internet infrastructure
  * E.g. firewalls, VPN servers, switches in IXPs and ISPs, smart meter gateways and data concentrators in a smart metering system
  * Exposed to entire internet on the public network side
  * Users are administrators and approved applications
  * Network interface implements performance optimizations
  * Professional administration by enterprise IT
  * Professional administration

* UC-WD-4 Wired professional worker device on internal network
  * E.g. stationary personal computer, registration terminal, cash register
  * Behind a corporate firewall
  * Users are company employees
  * Network interface implements performance optimizations
  * Professional administration by enterprise IT
  * Professional administration

* UC-WD-5 Wired stationary home device
  * E.g. stationary personal computer, IoT hub, thermostat, TV
  * Behind home gateway firewall
  * Host access limited to people within the home
  * Simple, low-feature network interface implementation
  * May be administered by anyone in the premises
  * Non-professional administration

* UC-WD-6 Wired stationary home gateway
  * E.g. ISP-managed access point
  * Exposed to the entire internet, with potentially some ISP filtering
  * Host access limited to trusted users/systems
  * Simple, low-feature network interface implementation
  * Professional administration
  * Mix of professional and non-professional administration

* UC-WD-7 Wired stationary public server
  * E.g. shared webhosting
@@ -406,14 +406,14 @@ This list of use cases describes several system scenarios for network interfaces
  * Behind some firewall, network accessible by physically nearby attackers
  * Can be used by anybody
  * Simple, low-feature network interface implementation
  * Professional administration but probably underfunded
  * Professionally administered but likely under-resourced

* UC-WD-9 Wired mobile device
  * E.g. laptop
  * Exposed to entire internet, physically nearby attackers
  * Users limited to owner and a limited number of people they trust
  * Simple, low-feature network interface implementation
  * May be administered by anyone in the home
  * Non-professional administration

### 4.4.2 Wireless network interface use cases

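Review bot: the UC-WD-8 bullet "Professionally administered but likely under-resourced" and the parallel UC-WL-3 bullet "Professional administration but likely under-resourced" describe the same situation with different wording; use the UC-WL-3 form here so every administration bullet starts with "Professional administration" or "Non-professional administration" and can be matched to the ADM levels by eye. Both map to the new ADM-L-1 ("professional but under-resourced"), which the mapping table now reflects for UC-WD-8 and UC-WL-3.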
@@ -422,58 +422,58 @@ This list of use cases describes several system scenarios for network interfaces
  * Exposed to entire internet via any access point
  * Users are company employees
  * Interface implements radio control and encryption
  * Professional administration by enterprise IT
  * Professional administration

* UC-WL-2 Wireless stationary home device
  * E.g. IoT lightbulb, smart oven, stationary personal computer
  * Behind home gateway firewall, network accessible by physically nearby attackers
  * Host access limited to people within the home
  * Interface implements radio control and encryption
  * May be administered by anyone in the home
  * Non-professional administration

* UC-WL-3 Wireless stationary device for public use
  * E.g. public library computer, vending machine
  * Behind some firewall, network accessible by physically nearby attackers
  * Can be used by literally anybody
  * Interface implements radio control and encryption
  * Professional administration but probably underfunded
  * Professional administration but likely under-resourced

* UC-WL-4 Wireless mobile personal device
  * E.g. laptop, phone, tablet, watch
  * Exposed to entire internet, physically nearby attackers
  * Users limited to owner and a few people they trust
  * Interface implements radio control and encryption
  * Amateur administration
  * Non-professional administration

### 4.4.3 Virtual network interface use cases

* UC-VI-1 Virtual interface for internal use on private device
  * E.g. loopback, containers, tunnel to local application
  * Packets only from other applications/users on host
  * Users are administrators and approved applications in containers
  * Users limited to owner and who they trust
  * Very simple device driver
  * Skilled administrator
  * Professional administration

* UC-VI-2 Virtual interface for external use on private device
  * Virtio on hypervisors, VPN interfaces, tunnel interfaces
  * Exposed to entire internet
  * Users are administrators and potentially untrusted applications
  * Users limited to owner and who they trust
  * Highly complex packet filtering, processing, encryption, etc.
  * Anyone can be administrator
  * Non-professional administration

* UC-VI-3 Virtual interface for external use on enterprise device
  * Virtio on hypervisors, VPN interfaces, tunnel interfaces
  * Exposed to entire internet
  * Users are untrusted
  * Users are company employees
  * Highly complex packet filtering, processing, encryption, etc.
  * Administered by enterprise IT
  * Professional administration

* UC-VI-4 Virtual interface for external use on public server
  * Virtio on hypervisors, VPN interfaces, tunnel interfaces
  * Exposed to entire internet
  * Users are untrusted
  * Highly complex packet filtering, processing, encryption, etc.
  * Administered by professional IT
  * Professional administration

## 4.5 Risk factors

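Review bot: UC-VI-1 now says "Professional administration", but the mapping table in 4.5.2.3 gives UC-VI-1 ADM L-1, which under the redefined levels means non-professional, under-resourced or mixed; one of the two must change. Given that UC-VI-1 is "on private device" with "Users limited to owner and who they trust", exactly like UC-VI-2, "Non-professional administration" (matching the table's L-1) looks like the intended value. The other changes here are consistent with the table: UC-VI-3 "Users are company employees" matches USR L-1 as for UC-WD-4, and the new UC-VI-2 user bullet matches USR L-2 as for UC-WD-9.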
@@ -505,29 +505,41 @@ This measures how easy it is for untrusted entities to send packets that the net
  * **[COM-L-2]** Encryption features on device
  * **[COM-L-3]** Entire RTOS managing radio, PXE boot, remote management, or similar

**[ADM]** Skill level of administration
**[ADM]** Effectiveness of administration

  * **[ADM-L-0]** Professional administration
  * **[ADM-L-1]** Amateur administration
  * **[ADM-L-0]** Professional administration, fully resourced
  * **[ADM-L-1]** Non-professional administration, professional but under-resourced, or mixed

### 4.5.1 Mapping of use cases to risk factors and security profiles

#### 4.5.2.1 Wired network interface use cases

| Use case                                                            | USR | ACC | COM | ADM | Sec Pro |
|---------------------------------------------------------------------|-----|-----|-----|-----|---------|
| UC-WD-1 Wired enterprise device in isolated internal infrastructure | L-0 | L-0 | L-1 | L-0 | SP-WD-1 |
| UC-WD-2 Wired enterprise internal infrastructure device             | L-0 | L-1 | L-2 | L-0 | SP-WD-1 |
| UC-WD-3 Wired enterprise edge device or internet infrastructure     | L-0 | L-2 | L-2 | L-0 | SP-WD-2 |
| UC-WD-4 Wired enterprise worker device on internal network          | L-1 | L-1 | L-2 | L-0 | SP-WD-2 |
| UC-WD-5 Wired stationary home device                                | L-2 | L-1 | L-0 | L-1 | SP-WD-3 |
| UC-WD-6 Wired stationary home gateway                               | L-0 | L-2 | L-0 | L-0 | SP-WD-3 |
| UC-WD-7 Wired stationary public server                              | L-3 | L-2 | L-1 | L-0 | SP-WD-4 |
| UC-WD-8 Wired stationary device for public use                      | L-3 | L-2 | L-0 | L-0 | SP-WD-4 |
| UC-WD-9 Wired mobile device                                         | L-2 | L-2 | L-0 | L-1 | SP-WD-4 |
| UC-WD-3 Wired enterprise edge device or internet infrastructure     | L-0 | L-2 | L-2 | L-0 | SP-WD-1 |
| UC-WD-4 Wired enterprise worker device on internal network          | L-1 | L-1 | L-2 | L-0 | SP-WD-1 |
| UC-WD-5 Wired stationary home device                                | L-2 | L-1 | L-0 | L-1 | SP-WD-2 |
| UC-WD-6 Wired stationary home gateway                               | L-0 | L-2 | L-0 | L-1 | SP-WD-2 |
| UC-WD-7 Wired stationary public server                              | L-3 | L-2 | L-1 | L-0 | SP-WD-2 |
| UC-WD-8 Wired stationary device for public use                      | L-3 | L-2 | L-0 | L-1 | SP-WD-2 |
| UC-WD-9 Wired mobile device                                         | L-2 | L-2 | L-0 | L-1 | SP-WD-2 |

#### 4.5.2.2 Wireless network interface use cases

| Use case                                                            | USR | ACC | COM | ADM | Sec Pro |
|---------------------------------------------------------------------|-----|-----|-----|-----|---------|
| UC-WL-1 Wireless mobile enterprise worker device                    | L-1 | L-2 | L-3 | L-0 | SP-WL-1 |
| UC-WL-2 Wireless stationary home device                             | L-2 | L-1 | L-3 | L-1 | SP-WL-1 |
| UC-WL-3 Wireless stationary device for public use                   | L-3 | L-2 | L-3 | L-0 | SP-WL-2 |
| UC-WL-3 Wireless stationary device for public use                   | L-3 | L-2 | L-3 | L-1 | SP-WL-2 |
| UC-WL-4 Wireless mobile personal device                             | L-2 | L-2 | L-3 | L-1 | SP-WL-2 |
| UC-VI-1 Virtual interface for internal use                          | L-0 | L-0 | L-0 | L-1 | SP-VI-1 |

#### 4.5.2.3 Virtual network interface use cases

| Use case                                                            | USR | ACC | COM | ADM | Sec Pro |
|---------------------------------------------------------------------|-----|-----|-----|-----|---------|
| UC-VI-1 Virtual interface for internal use                          | L-2 | L-0 | L-0 | L-1 | SP-VI-1 |
| UC-VI-2 Virtual interface for external use on private device        | L-2 | L-2 | L-2 | L-1 | SP-VI-2 |
| UC-VI-3 Virtual interface for external use on enterprise device     | L-1 | L-1 | L-2 | L-0 | SP-VI-2 |
| UC-VI-4 Virtual interface for external use on public server         | L-3 | L-2 | L-2 | L-0 | SP-VI-2 |
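Review bot: the sub-headings under "### 4.5.1 Mapping of use cases to risk factors and security profiles" are numbered 4.5.2.1, 4.5.2.2 and 4.5.2.3, so they do not nest under 4.5.1; renumber them 4.5.1.x (or the parent to 4.5.2). The ADM changes for UC-WD-6, UC-WD-8 and UC-WL-3 (L-0 to L-1) follow from the redefined ADM-L-1 and agree with the "mixed" and "under-resourced" bullets in 4.4, and dropping the stray UC-VI-1 row from the wireless table removes a duplicate of the row in 4.5.2.3. Since the "Sec Pro" column for UC-WD-3 through UC-WD-9 now references only SP-WD-1 and SP-WD-2, the profile definitions in 4.6.2.1 need to change in the same commit.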
@@ -542,15 +554,25 @@ Security profiles are an informative resource to the manufacturer. Each security

Security profiles are associated with sets of risk factor levels.

#### 4.6.2.1 Wired network interface security profiles

| Security profile | USR     | ACC     | COM     | ADM     |
|------------------|---------|---------|---------|---------|
| SP-WD-1          | USR-L-1 | ACC-L-2 | COM-L-2 | ADM-L-0 |
| SP-WD-2          | USR-L-3 | ACC-L-2 | COM-L-0 | ADM-L-1 |

#### 4.6.2.2 Wireless network interface security profiles

| Security profile | USR     | ACC     | COM     | ADM     |
|------------------|---------|---------|---------|---------|
| SP-WD-1          | USR-L-1 | ACC-L-1 | COM-L-2 | ADM-L-0 |
| SP-WD-2          | USR-L-1 | ACC-L-2 | COM-L-2 | ADM-L-0 |
| SP-WD-3          | USR-L-2 | ACC-L-2 | COM-L-0 | ADM-L-1 |
| SP-WD-4          | USR-L-3 | ACC-L-2 | COM-L-0 | ADM-L-1 |
| SP-WL-1          | USR-L-2 | ACC-L-2 | COM-L-3 | ADM-L-1 |
| SP-WL-2          | USR-L-3 | ACC-L-2 | COM-L-3 | ADM-L-1 |
| SP-VI-1          | USR-L-0 | ACC-L-0 | COM-L-0 | ADM-L-1 |

#### 4.6.2.3 Virtual network interface security profiles

| Security profile | USR     | ACC     | COM     | ADM     |
|------------------|---------|---------|---------|---------|
| SP-VI-1          | USR-L-2 | ACC-L-0 | COM-L-0 | ADM-L-1 |
| SP-VI-2          | USR-L-3 | ACC-L-2 | COM-L-1 | ADM-L-1 |

## 4.7 Essential functions
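Review bot: the COM level of two profiles is lower than that of use cases mapped to them. Every other profile in these tables lists, per factor, the highest level among its mapped use cases (for example SP-WD-1 takes USR-L-1 from UC-WD-4 and ACC-L-2 from UC-WD-3), but SP-WD-2 lists COM-L-0 while UC-WD-7, mapped to SP-WD-2 in 4.5.2.1, is rated COM L-1, and SP-VI-2 lists COM-L-1 while UC-VI-2, UC-VI-3 and UC-VI-4 are all rated COM L-2 (each described as "Highly complex packet filtering, processing, encryption, etc."). If a profile is meant to cover the worst case of its use cases, these should read COM-L-1 and COM-L-2 respectively; otherwise the sentence "Security profiles are associated with sets of risk factor levels" should say how a profile's levels are derived from the mapping.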