MUD (Manufacturer Usage Description, RFC 8520)
What is MUD (Manufacturer Usage Description, RFC 8520)?
An IETF standard for IoT devices to publish a machine-readable description of their intended network behavior, which routers and switches can use to automatically constrain the device to its expected communication patterns.
Manufacturer Usage Description (MUD, RFC 8520), published by the IETF in 2019, is a framework that lets IoT devices advertise to the network exactly what communication they need. A MUD-aware device sends a MUD URL during DHCP, LLDP, or 802.1X, pointing to a small JSON file (the 'MUD file') hosted by the manufacturer. The MUD file describes intended endpoints (controller cloud services, NTP servers, etc.), allowed protocols, and allowed peer roles in a structured policy language. A MUD-aware switch, router, or NAC translates that description into per-device ACLs or microsegmentation rules, denying everything outside the manufacturer's declared behavior. The intent is to make 'one camera vendor's botnet' impossible: a compromised IP camera cannot scan or pivot to other internal hosts because the network refuses anything outside the device's declared profile. NIST SP 1800-15 published a reference architecture, and Cisco, Aruba, and several IoT-security vendors implement MUD or MUD-like profiles. Adoption is limited because it requires manufacturer participation, but MUD remains the most concrete IETF answer to the 2016 Mirai-class IoT worm threat.
● Examples
- 01
A MUD-aware switch receives a MUD URL from a new IP camera, fetches its profile, and applies an ACL that allows traffic only to the vendor's cloud endpoint and NTP, blocking all peer-to-peer attempts.
- 02
NIST SP 1800-15 demonstrates MUD enforcement constraining a compromised IoT device so it cannot participate in a Mirai-style scanning botnet.
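The enforcement step from the definition and from example 01, as an added Python example that is not part of this page or of any MUD implementation: it parses a constructed MUD file in the RFC 8520 JSON layout, expands the from-device ACEs into per-device rules closed by a default deny, and evaluates device-initiated flows against them. The hostnames, addresses, ACL names and the DNS stand-in are all made up.

```python
import json
from ipaddress import ip_address, ip_network

# Constructed MUD file in the RFC 8520 layout (hostnames/addresses are made up):
# the camera may initiate TCP/443 to its vendor cloud and UDP/123 to one NTP server.
MUD_FILE = json.dumps({
    "ietf-mud:mud": {
        "mud-version": 1, "mud-url": "https://mud.example-cam.test/cam.json",
        "last-update": "2024-01-01T00:00:00+00:00", "cache-validity": 48,
        "is-supported": True, "systeminfo": "Example IP camera (constructed)",
        "from-device-policy": {"access-lists": {"access-list": [{"name": "cam-v4fr"}]}}},
    "ietf-access-control-list:acls": {"acl": [{
        "name": "cam-v4fr", "type": "ipv4-acl-type", "aces": {"ace": [
            {"name": "cloud", "matches": {
                "ipv4": {"ietf-acldns:dst-dnsname": "cloud.example-cam.test", "protocol": 6},
                "tcp": {"ietf-mud:direction-initiated": "from-device",
                        "destination-port": {"operator": "eq", "port": 443}}},
             "actions": {"forwarding": "accept"}},
            {"name": "ntp", "matches": {
                "ipv4": {"ietf-acldns:dst-dnsname": "ntp.example-cam.test", "protocol": 17},
                "udp": {"destination-port": {"operator": "eq", "port": 123}}},
             "actions": {"forwarding": "accept"}}]}}]}})

# Constructed stand-in for the DNS lookups an enforcing switch performs for dst-dnsname.
RESOLVED = {"cloud.example-cam.test": "203.0.113.10", "ntp.example-cam.test": "198.51.100.5"}

def compile_from_device_rules(mud_json, resolve=RESOLVED.get):
    """Expand the from-device ACEs into (proto, dst_net, dport, action) rules in file
    order, then append the implicit default deny that blocks every undeclared flow."""
    doc = json.loads(mud_json)
    policy = doc["ietf-mud:mud"]["from-device-policy"]["access-lists"]["access-list"]
    acls = {a["name"]: a for a in doc["ietf-access-control-list:acls"]["acl"]}
    rules = []
    for ref in policy:                      # ACL names referenced by the policy
        for ace in acls[ref["name"]]["aces"]["ace"]:
            m = ace["matches"]
            l4 = m.get("tcp") or m.get("udp") or {}
            rules.append((m["ipv4"]["protocol"],
                          ip_network(resolve(m["ipv4"]["ietf-acldns:dst-dnsname"])),
                          l4.get("destination-port", {}).get("port"),
                          ace["actions"]["forwarding"]))
    rules.append((None, ip_network("0.0.0.0/0"), None, "drop"))  # default deny
    return rules

def permitted(rules, proto, dst_ip, dport):
    """First-match evaluation of one device-initiated flow against the compiled rules."""
    for r_proto, r_net, r_port, action in rules:
        if r_proto in (None, proto) and ip_address(dst_ip) in r_net and r_port in (None, dport):
            return action == "accept"
    return False
```

A telnet probe from the camera to another internal host falls through to the default-deny rule, which is the peer-to-peer block that example 01 describes.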
● FAQ
What is MUD (Manufacturer Usage Description, RFC 8520)?
An IETF standard for IoT devices to publish a machine-readable description of their intended network behavior, which routers and switches can use to automatically constrain the device to its expected communication patterns. It belongs to the OT / ICS / IoT category of network security.
What does MUD (Manufacturer Usage Description, RFC 8520) mean?
An IETF standard for IoT devices to publish a machine-readable description of their intended network behavior, which routers and switches can use to automatically constrain the device to its expected communication patterns.
How does MUD (Manufacturer Usage Description, RFC 8520) work?
Manufacturer Usage Description (MUD, RFC 8520), published by the IETF in 2019, is a framework that lets IoT devices advertise to the network exactly what communication they need. A MUD-aware device sends a MUD URL during DHCP, LLDP, or 802.1X, pointing to a small JSON file (the 'MUD file') hosted by the manufacturer. The MUD file describes intended endpoints (controller cloud services, NTP servers, etc.), allowed protocols, and allowed peer roles in a structured policy language. A MUD-aware switch, router, or NAC translates that description into per-device ACLs or microsegmentation rules, denying everything outside the manufacturer's declared behavior. The intent is to make 'one camera vendor's botnet' impossible: a compromised IP camera cannot scan or pivot to other internal hosts because the network refuses anything outside the device's declared profile. NIST SP 1800-15 published a reference architecture, and Cisco, Aruba, and several IoT-security vendors implement MUD or MUD-like profiles. Adoption is limited because it requires manufacturer participation, but MUD remains the most concrete IETF answer to the 2016 Mirai-class IoT worm threat.
How do you defend against MUD (Manufacturer Usage Description, RFC 8520)?
Defenses relating to MUD (Manufacturer Usage Description, RFC 8520) usually combine technical controls with operational practice; see the full definition above.
What other names does MUD (Manufacturer Usage Description, RFC 8520) go by?
Common aliases include: Manufacturer Usage Description, RFC 8520 MUD.
● Related terms
- ot-iot№ 615
IoT Security
The security discipline covering IoT devices, gateways, networks and cloud services, which must cope with their scale, constrained resources and long lifetimes.
- ot-iot№ 614
IoT Botnet
A remotely controlled network of compromised IoT devices, used to launch DDoS, credential stuffing, click fraud or cryptomining attacks.
- ot-iot№ 758
Mirai Botnet
An IoT malware family first seen in 2016 that recruited routers, cameras and DVRs through default passwords; it was used in the Dyn DNS DDoS attack that took down a large part of the US internet.
- network-security№ 805
Network Access Control (NAC)
A set of policies and technologies that authenticate devices and users before granting network access and continuously enforce compliance requirements.
- network-security№ 752
Microsegmentation
Fine-grained segmentation that applies identity-based allowlist policies between workloads or applications, usually enforced by the host or the virtualization layer.
- network-security№ 809
Network Segmentation
The practice of dividing a network into zones and controlling the traffic between them, in order to contain intrusions and enforce least privilege.