Skip to content

Commit

Permalink
Documentation update on Capirca threat model, to always verify policy…
Browse files Browse the repository at this point in the history 
… definitions.

PiperOrigin-RevId: 510514635
  • Loading branch information
@abhindes
abhindes authored and Capirca Team committed Feb 17, 2023
1 parent 78f8e7c commit 8d8f257
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -894,7 +894,20 @@ docker run -v "${PWD}:/data" docker.pkg.github.com/google/capirca/capirca:latest

## Miscellaneous

Additional documentation:
### Security considerations

The Capirca threat model assumes some control and verification of policy
definitions (in .pol files). This is either through human user verification,
or that policies are generated by upstream systems that enforce correctness.

It is recommended that the ACL generated by Capirca is always tested for
correctness before being applied to production. Not all generators support every
feature, configuration option or term keywords. When something is unsupported,
Capirca will error out. But due to the sensitive nature of network ACLs, it is
always recommended to test any new generator being used, or new policies being
generated.

### Additional documentation

* [aclcheck library](./doc/wiki/AclCheck-library.md)
* [policy reader library](./doc/wiki/PolicyReader-library.md)
Expand Down

0 comments on commit 8d8f257

Please sign in to comment.