Continuous Assessment Protocols for SACM, draft-hanna-sacm-assessment-protocols-00.txt, November 5, 2012, IETF 85 - SACM Meeting.

Presentation transcript:

1 Continuous Assessment Protocols for SACM, draft-hanna-sacm-assessment-protocols-00.txt, November 5, 2012, IETF 85 - SACM Meeting

2 NEA Reference Model from RFC 5209
Diagram labels: NEA Client (Posture Collectors, Posture Broker Client, Posture Transport Client); NEA Server (Posture Validators, Posture Broker Server, Posture Transport Server); Posture Attribute (PA) protocol; Posture Broker (PB) protocol; Posture Transport (PT) protocols

3 Basic TNC Architecture
Diagram labels: Access Requestor; Policy Enforcement Point (PEP); Policy Decision Point; Verifiers; Collector; Integrity Measurement Collectors (IMC); Integrity Measurement Verifiers (IMV); TNC Client (TNCC); TNC Server (TNCS); Network Access Requestor; Network Access Authority; interfaces IF-M, IF-IMC, IF-IMV, IF-TNCCS, IF-T, IF-PEP
http://www.trustedcomputinggroup.org/developers/trusted_network_connect/specifications

4 NEA With EAP Transport (PT-EAP)
Non-compliant System: Windows 7; x OSHotFix 2499; x OSHotFix 9288; AV - McAfee Virus Scan 8.0; Firewall
Compliant System: Windows 7; OSHotFix 2499; OSHotFix 9288; AV - Symantec AV 10.1; Firewall
Policy: Windows 7; OSHotFix 2499; OSHotFix 9288; AV (one of) Symantec AV 10.1, McAfee Virus Scan 8.0; Firewall
Other diagram labels: NEA Client; Remediation Network; Production Network; Policy Enforcement Point; Policy Decision Point; PA-TNC/PB-TNC/PT-EAP

5 NEA With TLS Transport (PT-TLS)
Compliant System: Windows 7; OSHotFix 2499; OSHotFix 9288; AV - Symantec AV 10.1; Firewall
Policy: Windows 7; OSHotFix 2499; OSHotFix 9288; AV (one of) Symantec AV 10.1, McAfee Virus Scan 8.0; Firewall
Other diagram labels: Access Requestor; Policy Decision Point; PA-TNC/PB-TNC/PT-TLS

6 SCAP Messages for IF-M
Diagram labels: Access Requestor; Policy Enforcement Point (PEP); Policy Decision Point; Verifiers; Collector; Integrity Measurement Collectors (IMC); Integrity Measurement Verifiers (IMV); TNC Client (TNCC); TNC Server (TNCS); Network Access Requestor; Network Access Authority; interfaces IF-M, IF-IMC, IF-IMV, IF-TNCCS, IF-T, IF-PEP; SCAP
http://www.trustedcomputinggroup.org/developers/trusted_network_connect/specifications

7 IF-MAP: Secure Dynamic Info Sharing
Diagram labels: Access Requestor; Policy Enforcement Point (PEP); Policy Decision Point; Metadata Access Point; Sensors and Flow Controllers; Verifiers; Collector; Integrity Measurement Collectors (IMC); Integrity Measurement Verifiers (IMV); TNC Client (TNCC); TNC Server (TNCS); Network Access Requestor; Network Access Authority; Sensor; Flow Controller; interfaces IF-M, IF-IMC, IF-IMV, IF-TNCCS, IF-T, IF-PEP, IF-MAP
http://www.trustedcomputinggroup.org/developers/trusted_network_connect/specifications

