Today the RFC Editor released RFC 8519 (the ietf-acl model) and RFC 8520 (Manufacturer Usage Descriptions). The ACL model provides for a programmatic YANG-based interface that is flexibly extensible. Manufacturer Usage Descriptions (MUD) extend this model so that manufacturers are in a position to request the network’s assistance.
MUD is a declarative model for manufacturers to describe to customers what network resources their devices are designed to use. No guessing games are required. Manufacturers use simple abstractions to describe what access a device needs, such as a domain name for a cloud-based service, or same-manufacturer or my-controller for local devices.
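To make those abstractions concrete, here is an added example (not from the original post or any of the projects it names): a constructed MUD file for a hypothetical device, and a hypothetical helper `allowed_peers` that lists what the file asks the network to permit. The JSON member names follow RFC 8520; the URL and host names are made up.

```python
import json

# Constructed MUD file for a hypothetical device (member names per RFC 8520).
MUD_JSON = """
{
  "ietf-mud:mud": {
    "mud-version": 1, "mud-url": "https://mud.example.com/lightbulb.json",
    "last-update": "2019-03-18T00:00:00+00:00", "is-supported": true,
    "from-device-policy": {"access-lists": {"access-list": [{"name": "from-dev"}]}}
  },
  "ietf-access-control-list:acls": {"acl": [{
    "name": "from-dev", "type": "ipv4-acl-type",
    "aces": {"ace": [
      {"name": "cloud", "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "cloud.example.com"}},
       "actions": {"forwarding": "accept"}},
      {"name": "peers", "matches": {"ietf-mud:mud": {"same-manufacturer": [null]}},
       "actions": {"forwarding": "accept"}},
      {"name": "ctl", "matches": {"ietf-mud:mud": {"my-controller": [null]}},
       "actions": {"forwarding": "accept"}}
    ]}
  }]}
}
"""

def allowed_peers(mud_doc, direction="from-device-policy"):
    """Return (kind, value) pairs the MUD file asks the network to permit."""
    mud = mud_doc["ietf-mud:mud"]
    wanted = {a["name"] for a in mud.get(direction, {}).get("access-lists", {}).get("access-list", [])}
    dns_key = "ietf-acldns:dst-dnsname" if direction == "from-device-policy" else "ietf-acldns:src-dnsname"
    peers = []
    for acl in mud_doc.get("ietf-access-control-list:acls", {}).get("acl", []):
        if acl["name"] not in wanted:
            continue  # ACL is not referenced by this policy direction
        for ace in acl.get("aces", {}).get("ace", []):
            if ace.get("actions", {}).get("forwarding") != "accept":
                continue  # only report traffic the manufacturer asks to allow
            m = ace.get("matches", {})
            for fam in ("ipv4", "ipv6"):
                if dns_key in m.get(fam, {}):
                    peers.append(("dns", m[fam][dns_key]))
            for term, val in m.get("ietf-mud:mud", {}).items():
                # Presence-only terms are encoded as [null]; others carry a value.
                peers.append((term, None if val == [None] else val))
    return peers

if __name__ == "__main__":
    for kind, value in allowed_peers(json.loads(MUD_JSON)):
        print(kind, value or "")
```

Anything not returned by the helper is traffic the manufacturer did not declare, which is what an administrator or MUD manager would compare against local policy.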
Even when one doesn’t use automated tools, there is benefit to manufacturers in writing MUD files. A study by the University of New South Wales found that IoT devices often conflict with enterprise network policies, and that this goes largely unnoticed by administrators who don’t understand the needs of those devices. What we can say is that if manufacturers do a little bit of work, they and our customers can both derive a whole lot of value from the network.
A fair amount of software already exists for MUD, including the NIST MUD Manager, the tools built by CIRA, Cisco’s open source version, and osMUD.org, as well as commercial versions built by Yikes! and Cisco. Google has implemented a MUD manager for build management. And of course you can build your own MUD file for your device by going to https://www.mudmaker.org.
MUD is part of a nutritious meal, but it is not the whole meal. Manufacturers should always use best coding practices, and update firmware and software promptly when they learn of vulnerabilities and exploits.
Next Steps
It’s time for manufacturers to implement! Protect your devices with MUD!