Dec 5, 2007NEA Working Group1 NEA Requirement I-D IETF 70 – Vancouver Mahalingam Mani Avaya Inc.

Slides:



Advertisements
Similar presentations
Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.
Advertisements

Qusay H. Mahmoud CIS* CIS* Service-Oriented Computing Qusay H. Mahmoud, Ph.D.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Secure Socket Layer.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
OSI Model OSI LAYER / MODEL.
IETF NEA WG (NEA = Network Endpoint Assessment) Chairs:Steve Hanna, Susan Thomson,
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Transport Layer Network Fundamentals – Chapter 4.
Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.
Data Networking Fundamentals Unit 7 7/2/ Modified by: Brierley.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Communicating over the Network Network Fundamentals – Chapter 2.
NEA Working Group IETF meeting Nov 17, 2011 IETF 82 - NEA Meeting1.
Process-to-Process Delivery:
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
1 Chapter Internetworking Part 4 (Transport Protocols, UDP and TCP, Protocol Port Numbers)
1 Transport Layer Computer Networks. 2 Where are we?
Wireless and Security CSCI 5857: Encoding and Encryption.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Network Services Networking for Home and Small Businesses – Chapter.
Copyright 2003 CCNA 1 Chapter 9 TCP/IP Transport and Application Layers By Your Name.
An XMPP (Extensible Message and Presence Protocol) based implementation for NHIN Direct 1.
M3UA Patrick Sharp.
WS-Security: SOAP Message Security Web-enhanced Information Management (WHIM) Justin R. Wang Professor Kaiser.
Lectured By: Vivek Dimri Assistant Professor, CSE Dept. SET, Sharda University, Gr. Noida.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Network Services Networking for Home and Small Businesses – Chapter 6.
1 Chapter 12: VPN Connectivity in Remote Access Designs Designs That Include VPN Remote Access Essential VPN Remote Access Design Concepts Data Protection.
UNIT IP Datagram Fragmentation Figure 20.7 IP datagram.
FALL 2005CSI 4118 – UNIVERSITY OF OTTAWA1 Part 2.5 Internetworking Chapter 25 (Transport Protocols, UDP and TCP, Protocol Port Numbers)
TCP1 Transmission Control Protocol (TCP). TCP2 Outline Transmission Control Protocol.
Chapter 21 Distributed System Security Copyright © 2008.
July 27, 2009IETF NEA Meeting1 NEA Working Group IETF 75 Co-chairs: Steve Hanna
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.
1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.
SACM Requirements Nancy Cam-Winget March 2014.
NEA Requirement I-D IETF 68 – Prague Paul Sangster Symantec Corporation.
Mar 22, 2010IETF NEA Meeting1 NEA Working Group (oauth is in Redondo!) IETF 77 Mar 22, Co-chairs:
NEA Working Group IETF 80 March 29, 2011 Mar 29, 2011IETF NEA Meeting1.
NEA Requirements Update -06 version summary. Posture Transport Considerations Issue –Ability of existing protocols used for network access to meet requirements.
Multimedia and Networks. Protocols (rules) Rules governing the exchange of data over networks Conceptually organized into stacked layers – Application-oriented.
Chapter 3 - VLANs. VLANs Logical grouping of devices or users Configuration done at switch via software Not standardized – proprietary software from vendor.
TNC Proposals for NEA Protocols Presentation by Steve Hanna to NEA WG meeting at IETF 71 March 11, 2008.
Mutual Network Endpoint Assessment Jiwei Wei Han Yin Ke Jia IETF
OSI Reference Model. Open Systems Interconnection (OSI) Model International standard organization (ISO) established a committee in 1977 to develop an.
NEA Working Group IETF meeting July 27, Co-chairs: Steve Hanna
AMQP, Message Broker Babu Ram Dawadi. overview Why MOM architecture? Messaging broker like RabbitMQ in brief RabbitMQ AMQP – What is it ?
Multiplexing Team Members: Cesar Chavez Arne Solas Steven Fong Vi Duong David Nguyen.
Emu wg, IETF 70 Steve Hanna, EAP-TTLS draft-funk-eap-ttls-v0-02.txt draft-hanna-eap-ttls-agility-00.txt emu wg, IETF 70 Steve Hanna,
1 Chapter 13: RADIUS in Remote Access Designs Designs That Include RADIUS Essential RADIUS Design Concepts Data Protection in RADIUS Designs RADIUS Design.
August 2, 2005 IETF 63 – Paris, France Media Independent Handover Services and Interoperability Ajay Rajkumar Chair, IEEE WG.
NEA Working Group IETF meeting July 27, 2011 Jul 27, 2011IETF 81 - NEA Meeting1.
NEA Working Group IETF 72 Co-chairs: Steve Hanna Susan
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
TCP/IP1 Address Resolution Protocol Internet uses IP address to recognize a computer. But IP address needs to be translated to physical address (NIC).
@Yuan Xue CS 285 Network Security Placement of Security Function and Security Service Yuan Xue Fall 2013.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
Cryptography CSS 329 Lecture 13:SSL.
1 Cryptography CSS 329 Lecture 12: Kerberos. 2 Lecture Outline Kerberos - Overview - V4 - V5.
DOTS Requirements Andrew Mortensen November 2015 IETF 94 1.
Continuous Assessment Protocols for SACM draft-hanna-sacm-assessment-protocols-00.txt November 5, 20121IETF 85 - SACM Meeting.
1 Chapter 24 Internetworking Part 4 (Transport Protocols, UDP and TCP, Protocol Port Numbers)
Working at a Small-to-Medium Business or ISP – Chapter 8
Understand the OSI Model Part 2
Data Networking Fundamentals
draft-ietf-geopriv-lbyr-requirements-02 status update
draft-fitzgeraldmckay-sacm-endpointcompliance-00
Transport Protocols Relates to Lab 5. An overview of the transport protocols of the TCP/IP protocol suite. Also, a short discussion of UDP.
Chinese wall model in the internet Environment
Computer Networks Protocols
Presentation transcript:

Dec 5, 2007NEA Working Group1 NEA Requirement I-D IETF 70 – Vancouver Mahalingam Mani Avaya Inc.

Dec 5, 2007NEA Working Group2 Agenda Summary of Changes July-Nov ‘07 –(-03 through -05 versions) –Common Requirements –PA –PB –PT Open Mike

Dec 5, 2007NEA Working Group3 Common changes summary Reworded multiple round-trip requirement (C1): –“NEA protocols MUST support multiple round trips between the NEA Client and NEA Server in a single assessment. ” Consolidated two requirements (C2) –Assessment and re-assessment as needed Qualified security requirement to make configurable (C3) –“protocols including security capabilities” Moved in bandwidth/latency requirement from PT (C8) Moved in Internationalization Requirement from PA (C- 10) Removed an explicit requirement (in -03) to support “assessment modes that reduce the amount of information exchanged for assessment”

Dec 5, 2007NEA Working Group4 PA Changes summary Communication of attributes (PA 1,2) –Tightened to be consistent between standard and vendor-specific attributes requirements –Included extensibility of attribute sets Clarified need to support multiple attribute requests by Posture Validator in a single assessment (PA3) Validator -> Collector attributes (PA4) –Consolidated requirements (remediation & results) and generalized to attributes PA Security (PA5) –From MUST to SHOULD (providing authentication, message integrity and confidentiality)

Dec 5, 2007NEA Working Group5 PB changes Summary Generalized server->client attributes requirements (results, remediation,…) (PB1) Added: Opacity (PB2) –MUST NOT interpret PA contents Added: MUST support half-duplex PT protocols (PB4) –PB will use full-duplex when PT allows it Security: PB server & PB client terminology (PB5) –In place of NEA server & NEA client terminology.

Dec 5, 2007NEA Working Group6 PT changes summary Added: Opacity (PT-1) –MUST NOT interpret PB/PA contents Security (PT-2) –Consolidated requirements: confidentiality, message integrity with mutual authentication and replay protection clauses Transport requirements (PT-4, PT-5) –specify re-use of existing access protocols for PT –Ability to run over TCP or UDP transports

Dec 5, 2007NEA Working Group7 Common Requirements C-1 NEA protocols MUST support multiple round trips between the NEA Client and NEA Server in a single assessment. C-2 NEA protocols SHOULD provide a way for both the NEA Client and the NEA Server to initiate a posture assessment or reassessment as needed. C-3 NEA protocols including security capabilities MUST be capable of protecting against active and passive attacks by intermediaries and endpoints including prevention from replay based attacks. C-4 The PA and PB protocols MUST be capable of operating over any PT protocol. C-5 The selection process for NEA protocols MUST evaluate and prefer the reuse of existing open standards that meet the requirements before defining new ones.

Dec 5, 2007NEA Working Group8 Common Requirements C-6 NEA protocols MUST be highly scalable; the protocols MUST support many Posture Collectors on a large number of NEA Clients… C-7 The protocols MUST support efficient transport of a large number of attribute messages between the NEA Client and the NEA Server. C-8 NEA protocols MUST operate efficiently over low bandwidth or high latency links. C-9 For any strings intended for display to a user, the protocols MUST support adapting these strings to the user's language preferences. C-10 NEA protocols MUST support encoding of strings in UTF-8 format.

Dec 5, 2007NEA Working Group9 PA Requirements PA-1 The PA protocol MUST support communication of an extensible set of NEA standards defined attributes. These attributes will be uniquely identifiable from non-standard attributes. PA-2 The PA protocol MUST support communication of an extensible set of vendor-specific attributes. These attributes will be segmented into uniquely identifiable vendor specific name spaces. PA-3 The PA protocol MUST enable a Posture Validator to make one or more requests for attributes from a Posture Collector within a single assessment.

Dec 5, 2007NEA Working Group10 PA Requirements PA-4 The PA protocol MUST be capable of returning attributes from a Posture Validator to a Posture Collector. PA-5 The PA protocol SHOULD provide authentication, integrity, and confidentiality of attributes communicated between a Posture Collector and Posture Validator. PA-6 The PA protocol MUST be capable of carrying attributes that contain non-binary and binary data including encrypted content.

Dec 5, 2007NEA Working Group11 PB Requirements PB-1 The PB protocol MUST be capable of carrying attributes from the Posture Broker Server to the Posture Broker Client. PB-2 The PB protocol MUST NOT interpret the contents of PA messages being carried, i.e., the data it is carrying must be opaque to it. PB-3 The PB protocol MUST carry unique identifiers that are used by the Posture Brokers to route (deliver) PA messages between Posture Collectors and Posture Validators. Such message routing should facilitate dynamic registration or deregistration of Posture Collectors and Validators.

Dec 5, 2007NEA Working Group12 PB Requirements PB-4 The PB protocol MUST be capable of supporting a half-duplex PT protocol. However this does not preclude PB from operating full- duplex when running over a full-duplex PT. PB-5 The PB protocol MAY support authentication, integrity and confidentiality protection for the attribute messages it carries between a Posture Broker Client and Posture Broker Server. This provides security protection for a message dialog of the groupings of attribute messages exchanged between the Posture Broker Client and Posture Broker Server. PB-6 The PB protocol MUST support grouping of attribute messages to optimize transport of messages and minimize round trips.

Dec 5, 2007NEA Working Group13 PT Requirements PT-1 The PT protocol MUST NOT interpret the contents of PB messages being transported, i.e., the data it is carrying must be opaque to it. PT-2 The PT protocol MUST be capable of supporting mutual authentication, integrity, confidentiality and replay protection of the PB messages between the Posture Transport Client and the Posture Transport Server. PT-3 The PT protocol MUST provide reliable delivery for the PB protocol. This includes the ability to perform fragmentation and reassembly, detect duplicates, and reorder to provide in- sequence delivery, as required.

Dec 5, 2007NEA Working Group14 PT Requirements PT-4 The PT protocol SHOULD be able to run over existing network access protocols such as 802.1X and IKEv2. PT-5 The PT protocol SHOULD be able to run between a NEA Client and NEA Server over TCP or UDP (similar to LDAP).

Dec 5, 2007NEA Working Group15 Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.