--- 1/draft-ietf-opsec-efforts-13.txt 2011-02-07 16:14:33.000000000 +0100 +++ 2/draft-ietf-opsec-efforts-14.txt 2011-02-07 16:14:33.000000000 +0100 @@ -1,18 +1,18 @@ Network Working Group C. Lonvick Internet-Draft D. Spak Intended status: Informational Cisco Systems -Expires: May 15, 2011 November 11, 2010 +Expires: August 11, 2011 February 7, 2011 Security Best Practices Efforts and Documents - draft-ietf-opsec-efforts-13.txt + draft-ietf-opsec-efforts-14.txt Abstract This document provides a snapshot of the current efforts to define or apply security requirements in various Standards Developing Organizations (SDO). Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the @@ -27,146 +27,149 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on May 15, 2011. + This Internet-Draft will expire on August 11, 2011. Copyright Notice - Copyright (c) 2010 IETF Trust and the persons identified as the + Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Format of this Document . . . . . . . . . . . . . . . . . . . 7 3. Online Security Glossaries . . . . . . . . . . . . . . . . . . 8 - 3.1. ATIS Telecom Glossary 2000 . . . . . . . . . . . . . . . . 8 + 3.1. ATIS Telecom Glossary 2007 . . . . . . . . . . . . . . . . 8 3.2. Internet Security Glossary - RFC 4949 . . . . . . . . . . 8 3.3. Compendium of Approved ITU-T Security Definitions . . . . 8 - 3.4. Microsoft Solutions for Security Glossary . . . . . . . . 8 + 3.4. Microsoft Malware Protection Center . . . . . . . . . . . 9 3.5. SANS Glossary of Security Terms . . . . . . . . . . . . . 9 3.6. Security Taxonomy and Glossary - Anne & Lynn Wheeler . . . 9 - 4. Standards Developing Organizations . . . . . . . . . . . . . . 10 - 4.1. 3GPP - Third Generation Partnership Project . . . . . . . 10 - 4.2. 3GPP2 - Third Generation Partnership Project 2 . . . . . . 10 - 4.3. ANSI - The American National Standards Institute . . . . . 10 - 4.3.1. Accredited Standards Committee X9 (ASC X9) . . . . . . 10 + 3.7. NIST - Glossary of Key Information Security Terms . . . . 9 + 4. Standards Developing Organizations . . . . . . . . . . . . . . 11 + 4.1. 3GPP - Third Generation Partnership Project . . . . . . . 11 + 4.2. 3GPP2 - Third Generation Partnership Project 2 . . . . . . 11 + 4.3. ANSI - The American National Standards Institute . . . . . 11 + 4.3.1. Accredited Standards Committee X9 (ASC X9) . . . . . . 11 4.4. ATIS - Alliance for Telecommunications Industry - Solutions . . . . . . . . . . . . . . . . . . . . . . . . 11 + Solutions . . . . . . . . . . . . . . . . . . . . . . . . 12 4.4.1. ATIS NIPP - Network Interface, Power, and - Protection Committee, formerly T1E1 . . . . . . . . . 11 + Protection Committee, formerly T1E1 . . . . . . . . . 12 4.4.2. ATIS NPRQ - Network Performance, Reliability, and - Quality of Service Committee, formerly T1A1 . . . . . 11 + Quality of Service Committee, formerly T1A1 . . . . . 12 4.4.3. ATIS OBF - Ordering and Billing Forum, formerly - regarding T1M1 O&B . . . . . . . . . . . . . . . . . . 11 + regarding T1M1 O&B . . . . . . . . . . . . . . . . . . 12 4.4.4. ATIS OPTXS - Optical Transport and Synchronization - Committee, formerly T1X1 . . . . . . . . . . . . . . . 12 + Committee, formerly T1X1 . . . . . . . . . . . . . . . 13 4.4.5. ATIS TMOC - Telecom Management and Operations - Committee, formerly T1M1 OAM&P . . . . . . . . . . . . 12 + Committee, formerly T1M1 OAM&P . . . . . . . . . . . . 13 4.4.6. ATIS WTSC - Wireless Technologies and Systems - Committee, formerly T1P1 . . . . . . . . . . . . . . . 12 + Committee, formerly T1P1 . . . . . . . . . . . . . . . 13 4.4.7. ATIS PTSC - Packet Technologies and Systems - Committee, formerly T1S1 . . . . . . . . . . . . . . . 12 + Committee, formerly T1S1 . . . . . . . . . . . . . . . 13 4.4.8. ATIS Protocol Interworking Committee, regarding - T1S1 . . . . . . . . . . . . . . . . . . . . . . . . . 13 - 4.5. CC - Common Criteria . . . . . . . . . . . . . . . . . . . 13 - 4.6. DMTF - Distributed Management Task Force, Inc. . . . . . . 13 + T1S1 . . . . . . . . . . . . . . . . . . . . . . . . . 14 + 4.5. CC - Common Criteria . . . . . . . . . . . . . . . . . . . 14 + 4.6. DMTF - Distributed Management Task Force, Inc. . . . . . . 14 4.7. ETSI - The European Telecommunications Standard - Institute . . . . . . . . . . . . . . . . . . . . . . . . 13 - 4.8. GGF - Global Grid Forum . . . . . . . . . . . . . . . . . 13 + Institute . . . . . . . . . . . . . . . . . . . . . . . . 14 + 4.8. GGF - Global Grid Forum . . . . . . . . . . . . . . . . . 14 4.9. IEEE - The Institute of Electrical and Electronics - Engineers, Inc. . . . . . . . . . . . . . . . . . . . . . 14 - 4.10. IETF - The Internet Engineering Task Force . . . . . . . . 14 + Engineers, Inc. . . . . . . . . . . . . . . . . . . . . . 15 + + 4.10. IETF - The Internet Engineering Task Force . . . . . . . . 15 4.11. INCITS - InterNational Committee for Information - Technology Standards . . . . . . . . . . . . . . . . . . . 14 + Technology Standards . . . . . . . . . . . . . . . . . . . 15 4.11.1. INCITS Technical Committee T11 - Fibre Channel - Interfaces . . . . . . . . . . . . . . . . . . . . . . 14 + Interfaces . . . . . . . . . . . . . . . . . . . . . . 15 4.12. ISO - The International Organization for - Standardization . . . . . . . . . . . . . . . . . . . . . 14 - 4.13. ITU - International Telecommunication Union . . . . . . . 15 + Standardization . . . . . . . . . . . . . . . . . . . . . 15 + 4.13. ITU - International Telecommunication Union . . . . . . . 16 4.13.1. ITU Telecommunication Standardization Sector - - ITU-T . . . . . . . . . . . . . . . . . . . . . . . . 15 - 4.13.2. ITU Radiocommunication Sector - ITU-R . . . . . . . . 15 - 4.13.3. ITU Telecom Development - ITU-D . . . . . . . . . . . 15 + ITU-T . . . . . . . . . . . . . . . . . . . . . . . . 16 + 4.13.2. ITU Radiocommunication Sector - ITU-R . . . . . . . . 16 + 4.13.3. ITU Telecom Development - ITU-D . . . . . . . . . . . 16 4.14. OASIS - Organization for the Advancement of - Structured Information Standards . . . . . . . . . . . . . 15 - 4.15. OIF - Optical Internetworking Forum . . . . . . . . . . . 16 + Structured Information Standards . . . . . . . . . . . . . 16 + 4.15. OIF - Optical Internetworking Forum . . . . . . . . . . . 17 4.16. NRIC - The Network Reliability and Interoperability - Council . . . . . . . . . . . . . . . . . . . . . . . . . 16 + Council . . . . . . . . . . . . . . . . . . . . . . . . . 17 4.17. National Security Telecommunications Advisory - Committee (NSTAC) . . . . . . . . . . . . . . . . . . . . 16 - 4.18. TIA - The Telecommunications Industry Association . . . . 16 - 4.19. TTA - Telecommunications Technology Association . . . . . 17 - 4.20. The World Wide Web Consortium . . . . . . . . . . . . . . 17 - 4.21. Web Services Interoperability Organization (WS-I) . . . . 17 - 5. Security Best Practices Efforts and Documents . . . . . . . . 18 - 5.1. 3GPP - TSG SA WG3 (Security) . . . . . . . . . . . . . . . 18 - 5.2. 3GPP2 - TSG-S Working Group 4 (Security) . . . . . . . . . 18 + Committee (NSTAC) . . . . . . . . . . . . . . . . . . . . 17 + 4.18. TIA - The Telecommunications Industry Association . . . . 17 + 4.19. TTA - Telecommunications Technology Association . . . . . 18 + 4.20. The World Wide Web Consortium . . . . . . . . . . . . . . 18 + 4.21. Web Services Interoperability Organization (WS-I) . . . . 18 + 5. Security Best Practices Efforts and Documents . . . . . . . . 19 + 5.1. 3GPP - TSG SA WG3 (Security) . . . . . . . . . . . . . . . 19 + 5.2. 3GPP2 - TSG-S Working Group 4 (Security) . . . . . . . . . 19 5.3. American National Standard T1.276-2003 - Baseline - Security Requirements for the Management Plane . . . . . . 18 + Security Requirements for the Management Plane . . . . . . 19 5.4. DMTF - Security Protection and Management (SPAM) - Working Group . . . . . . . . . . . . . . . . . . . . . . 19 - 5.5. DMTF - User and Security Working Group . . . . . . . . . . 19 + Working Group . . . . . . . . . . . . . . . . . . . . . . 20 + 5.5. DMTF - User and Security Working Group . . . . . . . . . . 20 5.6. ATIS Work-Plan to Achieve Interoperable, - Implementable, End-To-End Standards and Solutions . . . . 19 - 5.6.1. ATIS Work on Packet Filtering . . . . . . . . . . . . 19 - 5.7. ATIS Work on the NGN . . . . . . . . . . . . . . . . . . . 20 - 5.8. Common Criteria . . . . . . . . . . . . . . . . . . . . . 20 - 5.9. ETSI . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 - 5.10. GGF Security Area (SEC) . . . . . . . . . . . . . . . . . 21 - 5.11. Information System Security Assurance Architecture . . . . 21 + Implementable, End-To-End Standards and Solutions . . . . 20 + 5.6.1. ATIS Work on Packet Filtering . . . . . . . . . . . . 20 + 5.7. ATIS Work on the NGN . . . . . . . . . . . . . . . . . . . 21 + 5.8. Common Criteria . . . . . . . . . . . . . . . . . . . . . 21 + 5.9. ETSI . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 + 5.10. GGF Security Area (SEC) . . . . . . . . . . . . . . . . . 22 + 5.11. Information System Security Assurance Architecture . . . . 22 5.12. Operational Security Requirements for IP Network - Infrastructure : Advanced Requirements . . . . . . . . . . 21 - 5.13. INCITS CS1 - Cyber Security . . . . . . . . . . . . . . . 22 + Infrastructure : Advanced Requirements . . . . . . . . . . 22 + 5.13. INCITS CS1 - Cyber Security . . . . . . . . . . . . . . . 23 5.14. ISO Guidelines for the Management of IT Security - - GMITS . . . . . . . . . . . . . . . . . . . . . . . . . . 22 - 5.15. ISO JTC 1/SC 27 . . . . . . . . . . . . . . . . . . . . . 23 - 5.16. ITU-T Study Group 2 . . . . . . . . . . . . . . . . . . . 23 - 5.17. ITU-T Recommendation M.3016 . . . . . . . . . . . . . . . 24 - 5.18. ITU-T Recommendation X.805 . . . . . . . . . . . . . . . 24 - 5.19. ITU-T Study Group 16 . . . . . . . . . . . . . . . . . . . 24 - 5.20. ITU-T Study Group 17 . . . . . . . . . . . . . . . . . . . 25 + GMITS . . . . . . . . . . . . . . . . . . . . . . . . . . 23 + 5.15. ISO JTC 1/SC 27 . . . . . . . . . . . . . . . . . . . . . 24 + 5.16. ITU-T Study Group 2 . . . . . . . . . . . . . . . . . . . 24 + 5.17. ITU-T Recommendation M.3016 . . . . . . . . . . . . . . . 25 + 5.18. ITU-T Recommendation X.805 . . . . . . . . . . . . . . . 25 + 5.19. ITU-T Study Group 16 . . . . . . . . . . . . . . . . . . . 25 + 5.20. ITU-T Study Group 17 . . . . . . . . . . . . . . . . . . . 26 5.21. Catalogue of ITU-T Recommendations related to - Communications System Security . . . . . . . . . . . . . . 25 - 5.22. ITU-T Security Manual . . . . . . . . . . . . . . . . . . 25 - 5.23. ITU-T NGN Effort . . . . . . . . . . . . . . . . . . . . . 26 - 5.24. NRIC VI Focus Groups . . . . . . . . . . . . . . . . . . . 26 - 5.25. OASIS Security Joint Committee . . . . . . . . . . . . . . 26 - 5.26. OASIS Security Services (SAML) TC . . . . . . . . . . . . 27 - 5.27. OIF Implementation Agreements . . . . . . . . . . . . . . 27 - 5.28. TIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 - 5.29. WS-I Basic Security Profile . . . . . . . . . . . . . . . 28 - 5.30. NIST Special Publications (800 Series) . . . . . . . . . . 28 - 5.31. NIST Interagency or Internal Reports (NISTIRs) . . . . . . 28 - 5.32. NIST ITL Security Bulletins . . . . . . . . . . . . . . . 28 - 6. Security Considerations . . . . . . . . . . . . . . . . . . . 29 - 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 - 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31 - 9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 32 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 35 + Communications System Security . . . . . . . . . . . . . . 26 + 5.22. ITU-T Security Manual . . . . . . . . . . . . . . . . . . 26 + 5.23. ITU-T NGN Effort . . . . . . . . . . . . . . . . . . . . . 27 + 5.24. NRIC VI Focus Groups . . . . . . . . . . . . . . . . . . . 27 + 5.25. OASIS Security Joint Committee . . . . . . . . . . . . . . 27 + 5.26. OASIS Security Services (SAML) TC . . . . . . . . . . . . 28 + 5.27. OIF Implementation Agreements . . . . . . . . . . . . . . 28 + 5.28. TIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 + 5.29. WS-I Basic Security Profile . . . . . . . . . . . . . . . 29 + 5.30. NIST Special Publications (800 Series) . . . . . . . . . . 29 + 5.31. NIST Interagency or Internal Reports (NISTIRs) . . . . . . 29 + 5.32. NIST ITL Security Bulletins . . . . . . . . . . . . . . . 29 + 5.33. SANS Information Security Reading Room . . . . . . . . . . 30 + 6. Security Considerations . . . . . . . . . . . . . . . . . . . 31 + 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 + 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 33 + 9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 34 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 37 1. Introduction The Internet is being recognized as a critical infrastructure similar in nature to the power grid and a potable water supply. Just like those infrastructures, means are needed to provide resiliency and adaptability to the Internet so that it remains consistently available to the public throughout the world even during times of duress or attack. For this reason, many SDOs are developing standards with hopes of retaining an acceptable level, or even @@ -205,20 +208,23 @@ document could be a useful reference in producing the documents described in the Working Group Charter. The authors have agreed to keep this document current and request that those who read it will submit corrections or comments. Comments on this document may be addressed to the OpSec Working Group or directly to the authors. opsec@ops.ietf.org + This document will be updated in sections. The most recently updated + part of this document is Section 3. + 2. Format of this Document The body of this document has three sections. The first part of the body of this document, Section 3, contains a listing of online glossaries relating to networking and security. It is very important that the definitions of words relating to security and security events be consistent. Inconsistencies between the useage of words on standards is unacceptable as it would prevent a reader of two standards to appropriately relate their @@ -231,85 +237,113 @@ The third part, Section 5, lists the documents which have been found to offer good practices or recommendations for securing networks and networking devices. 3. Online Security Glossaries This section contains references to glossaries of network and computer security terms -3.1. ATIS Telecom Glossary 2000 +3.1. ATIS Telecom Glossary 2007 http://www.atis.org/tg2k/ - Under an approved T1 standards project (T1A1-20), an existing 5800- - entry, search-enabled hypertext telecommunications glossary titled - Federal Standard 1037C, Glossary of Telecommunication Terms was - updated and matured into this glossary, T1.523-2001, Telecom Glossary - 2000. This updated glossary was posted on the Web as an American - National Standard (ANS). + This Glossary began as a 5800-entry, search-enabled hypertext + telecommunications glossary titled Federal Standard 1037C, Glossary + of Telecommunication Terms . Federal Standard 1037C was updated and + matured into an American National Standard (ANS): T1.523-2001, + Telecom Glossary 2000 , under the aegis of ASC T1. In turn, T1.523- + 2001 has been revised and redesignated under the ATIS procedures for + ANS development as ATIS-0100523.2007, ATIS Telecom Glossary 2007. + + Date published: 2007 3.2. Internet Security Glossary - RFC 4949 http://www.ietf.org/rfc/rfc4949.txt This document was originally created as RFC 2828 in May 2000. It was revised as RFC 4949 and the document defines itself to be, "an internally consistent, complementary set of abbreviations, definitions, explanations, and recommendations for use of terminology related to information system security." + Date published: August 2007 + 3.3. Compendium of Approved ITU-T Security Definitions - http://www.itu.int/itudoc/itu-t/com17/activity/def004.html + http://www.itu.int/itudoc/itu-t/com17/activity/add002.html Addendum to the Compendium of the Approved ITU-T Security-related Definitions - http://www.itu.int/itudoc/itu-t/com17/activity/add002.html These extensive materials were created from approved ITU-T Recommendations with a view toward establishing a common - understanding and use of security terms within ITU-T. + understanding and use of security terms within ITU-T. The original + Compendium was compiled by SG 17, Lead Study Group on Communication + Systems Security (LSG-CSS). + http://www.itu.int/itudoc/itu-t/com17/activity/def004.html -3.4. Microsoft Solutions for Security Glossary + Date published: 2003 + +3.4. Microsoft Malware Protection Center http://www.microsoft.com/security/glossary.mspx - The Microsoft Solutions for Security Glossary was created to explain - the concepts, technologies, and products associated with computer - security. This glossary contains several definitions specific to - Microsoft proprietary technologies and product solutions. + The Microsoft Malware Protection Center, Threat Research and Response + Glossary was created to explain the concepts, technologies, and + products associated with computer security. + + Date published: indeterminate 3.5. SANS Glossary of Security Terms http://www.sans.org/resources/glossary.php The SANS Institute (SysAdmin, Audit, Network, Security) was created in 1989 as, "a cooperative research and education organization." - Updated in May 2003, SANS cites the NSA for their help in creating - the online glossary of security terms. The SANS Institute is also + This glossary was pdated in May 2003. The SANS Institute is also home to many other resources including the SANS Intrusion Detection FAQ and the SANS/FBI Top 20 Vulnerabilities List. + Date published: indeterminate + 3.6. Security Taxonomy and Glossary - Anne & Lynn Wheeler http://www.garlic.com/~lynn/secure.htm Anne and Lynn Wheeler maintain a security taxonomy and glossary with terms merged from AFSEC, AJP, CC1, CC2, CC21 (CC site), CIAO, FCv1, FFIEC, FJC, FTC, IATF V3 (IATF site), IEEE610, ITSEC, Intel, JTC1/ SC27 (SC27 site), KeyAll, MSC, NIST 800-30, 800-33, 800-37, 800-53, 800-61, 800-77, 800-83 FIPS140, NASA, NCSC/TG004, NIAP, NSA Intrusion, CNSSI 4009, online security study, RFC1983, RFC2504, RFC2647, RFC2828, TCSEC, TDI, and TNI. + Date updated: October 2010 + +3.7. NIST - Glossary of Key Information Security Terms + + http://csrc.nist.gov/publications/nistir/ + NISTIR-7298_Glossary_Key_Infor_Security_Terms.pdf + + This glossary of basic security terms has been extracted from NIST + Federal Information Processing Standards (FIPS) and the Special + Publication (SP) 800 series. The terms included are not all + inclusive of terms found in these publications, but are a subset of + basic terms that are most frequently used. The purpose of this + glossary is to provide a central resource of definitions most + commonly used in NIST security publications. + + Date published: April 2006 + 4. Standards Developing Organizations This section of this document lists the SDOs, or organizations that appear to be developing security related standards. These SDOs are listed in alphabetical order. Note: The authors would appreciate corrections and additions. This note will be removed before publication as an RFC. 4.1. 3GPP - Third Generation Partnership Project @@ -1186,20 +1220,35 @@ ITL Bulletins are published by NIST's Information Technology Laboratory, with most bulletins written by the Computer Security Division. These bulletins are published on the average of six times a year. Each bulletin presents an in-depth discussion of a single topic of significant interest to the information systems community. Not all of ITL Bulletins that are published relate to computer / network security. Only the computer security ITL Bulletins are found here. +5.33. SANS Information Security Reading Room + + http://www.sans.org/reading_room/ + + Featuring over 1,885 original computer security white papers in 75 + different categories. + + Most of the computer security white papers in the Reading Room have + been written by students seeking GIAC certification to fulfill part + of their certification requirements and are provided by SANS as a + resource to benefit the security community at large. SANS attempts + to ensure the accuracy of information, but papers are published "as + is". Errors or inconsistencies may exist or may be introduced over + time as material becomes dated. + 6. Security Considerations This document describes efforts to standardize security practices and documents. As such this document offers no security guidance whatsoever. Readers of this document should be aware of the date of publication of this document. It is feared that they may assume that the efforts, on-line material, and documents are current whereas they may not be. Please consider this when reading this document. @@ -1210,21 +1259,21 @@ IANA to do anything. 8. Acknowledgments The following people have contributed to this document. Listing their names here does not mean that they endorse the document, but that they have contributed to its substance. David Black, Mark Ellison, George Jones, Keith McCloghrie, John McDonough, Art Reilly, Chip Sharp, Dane Skow, Michael Hammer, Bruce - Moon. + Moon, Stephen Kent, Steve Wolff. 9. Changes from Prior Drafts -00 : Initial draft published as draft-lonvick-sec-efforts-01.txt -01 : Security Glossaries: Added ATIS Telecom Glossary 2000, Critical Infrastructure Glossary of Terms and Acronyms, Microsoft Solutions for Security Glossary, and USC InfoSec Glossary. @@ -1323,28 +1372,45 @@ -10 : Tenth revision of the WG ID. Added references to NIST documents, recommended by Steve Wolff. Updated the date. -11 : Eleventh revision of the WG ID. Updated the date. - -12 : Eleventh revision of the WG ID. + -12 : Twelfth revision of the WG ID. Updated the date. -13 : Nothing new. Updated the date. + -14 : Fourteenth revision of the WG ID. + + Updated the date and reviewed the accuracy of Section 3. + + Updated the section on Compendium of Approved ITU-T Security + Definitions + + Updated the section on the Microsoft glossary. + + Updated the section on the SANS glossary. + + Added the NIST Security glossary. + + Added dates to all glossaries - where I could find them. + + Added the SANS Reading Room material to Section 5. + Note: This section will be removed before publication as an RFC. Authors' Addresses Chris Lonvick Cisco Systems 12515 Research Blvd. Austin, Texas 78759 US