NEA Requirements Update -06 version summary. Posture Transport Considerations Issue –Ability of existing protocols used for network access to meet requirements.

Presentation transcript:

NEA Requirements Update -06 version summary

Posture Transport Considerations

Issue
– Ability of existing protocols used for network access to meet requirements for PT.
  – Large data volumes
  – Server initiated reassessment

Resolution
– Added text to Section of -06 version that acknowledges constraints of certain candidate PT protocols and suggests a couple of deployment considerations.

Deployment
– Perform limited assessment during network connections while using a constrained posture transport.
– Limited network access granted to allow a full posture assessment to happen over TCP based transport.

Security Considerations

Issues
– Active man-in-the-middle attacks on NEA deployments.
– Attacks on components that trigger posture assessment.

Resolution
– Section already describes mechanisms for protecting NEA protocols against passive and active MITM attacks.
– Protection against “lying” endpoints is out of scope of NEA protocols as described in the charter.
– Protection of triggers for posture assessment is out of scope. Added text to Section 8 of -06 version to clarify and suggest implementations address this issue.

Other comments

Need to expand NEA Reference Model to include entities that initiate posture assessment and consume posture results.
– These entities are out of scope as per charter.

Scalability concerns when a large number of endpoints require simultaneous assessment.
– Assertion attributes address this at a protocol level.
– Deployment policies are out of scope.

Gen ART review
– Addressed comments in -06 version.