{"draft":"draft-ietf-l3vpn-security-framework-03","doc_id":"RFC4111","title":"Security Framework for Provider-Provisioned Virtual Private Networks (PPVPNs)","authors":["L. Fang, Ed."],"format":["ASCII","HTML"],"page_count":"45","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"Layer 3 Virtual Private Networks INT","abstract":"This document addresses security aspects pertaining to\r\nProvider-Provisioned Virtual Private Networks (PPVPNs).  First, it\r\ndescribes the security threats in the context of\r\nPPVPNs and defensive techniques to combat those\r\nthreats.  It considers security issues deriving both from malicious\r\nbehavior of anyone and from negligent or incorrect behavior of the\r\nproviders.  It also describes how these security attacks should be\r\ndetected and reported.  It then discusses possible user requirements\r\nfor security of a PPVPN service.  These user requirements translate\r\ninto corresponding provider requirements.  In addition, the provider\r\nmay have additional requirements to make its network infrastructure\r\nsecure to a level that can meet the PPVPN customer's expectations.\r\nFinally, this document defines a template that may be used to describe\r\nand analyze the security characteristics of a specific PPVPN technology.  This memo provides information for the Internet community.","pub_date":"June 2005","keywords":[],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":["RFC8996"],"see_also":[],"doi":"10.17487\/RFC4111","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc4111"}