7. Security Considerations

This document specifies a message format extension for SCHC. Hence, the same security considerations defined in [RFC8724] and [RFC9363] apply.

The YANG module specified in this document defines a schema for data that is designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS [RFC8446].

The Network Configuration Access Control Model (NACM) [RFC8341] provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content.

There are a number of data nodes defined in this YANG module that are writable/creatable/deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., edit-config) to these data nodes without proper protection can have a negative effect on network operations. These are the subtrees and data nodes and their sensitivity/vulnerability:

/schc:schc/schc:rule/schc:nature/schc:fragmentation/schc:mode/schc:ack-on-error:

All the data nodes may be modified. The Rule contains sensitive information, such as the SCHC F/R mode configuration and usage and SCHC Compound ACK configuration. An attacker may try to modify other devices' Rules by changing the F/R mode or the usage of the SCHC Compound ACK and may block communication or create extra ACKs. Therefore, a device must be allowed to modify only its own Rules on the remote SCHC instance. The identity of the requester must be validated. This can be done through certificates or access lists.

Some of the readable data nodes in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control read access (e.g., via get, get-config, or notification) to these data nodes. These are the subtrees and data nodes and their sensitivity/vulnerability:

/schc:schc/schc:rule/schc:nature/schc:fragmentation/schc:mode/schc:ack-on-error:

By reading this module, an attacker may learn the F/R mode used by the device, how the device manages the bitmap creation, the buffer sizes, and when the device will request an ACK.
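
An added example, not part of the original document: a NACM [RFC8341] configuration that lets one device read and update only its own SCHC Rule and denies read and write access to every other Rule, covering both the write and the read concerns described above. The group name, user name and Rule ID values are constructed, and the list keys `rule-id-value` and `rule-id-length` are assumed from the ietf-schc module of [RFC9363].

```xml
<!-- Added example. Names and Rule ID values are constructed. -->
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
  <enable-nacm>true</enable-nacm>
  <!-- Fail closed for data nodes that no rule matches. -->
  <read-default>deny</read-default>
  <write-default>deny</write-default>
  <groups>
    <group>
      <name>schc-device-a</name>
      <!-- The user name is the identity authenticated by the secure
           transport (SSH or TLS); "device-a" is a constructed value. -->
      <user-name>device-a</user-name>
    </group>
  </groups>
  <rule-list>
    <name>schc-device-a-rules</name>
    <group>schc-device-a</group>
    <!-- Rules are evaluated in order and the first match wins. -->
    <rule>
      <name>own-rule-read-update</name>
      <!-- Instance paths name data nodes only, so the choice and case
           nodes (nature, fragmentation, mode, ack-on-error) do not
           appear. Descendants of the matched list entry, including
           augmented leaves, are covered by this rule.
           Assumption: list keys as defined in ietf-schc. -->
      <path xmlns:schc="urn:ietf:params:xml:ns:yang:ietf-schc">/schc:schc/schc:rule[schc:rule-id-value='5'][schc:rule-id-length='3']</path>
      <access-operations>read update</access-operations>
      <action>permit</action>
      <comment>Device A may read and modify its own Rule only.</comment>
    </rule>
    <rule>
      <name>other-rules-deny</name>
      <path xmlns:schc="urn:ietf:params:xml:ns:yang:ietf-schc">/schc:schc/schc:rule</path>
      <access-operations>*</access-operations>
      <action>deny</action>
      <comment>No read or write access to other devices' Rules.</comment>
    </rule>
  </rule-list>
</nacm>
```

The explicit deny rule keeps the restriction in place even if the global defaults are later relaxed.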