Slide 1: IETF NEA WG (NEA = Network Endpoint Assessment)
nea[-request]@ietf.org
Chairs: Steve Hanna, Juniper, shanna@juniper.net; Susan Thomson, Cisco, sethomso@cisco.com
IETF 67, Tuesday, November 7, 2006, 3:20 PM – 5:20 PM
Slide 2: Agenda Review (November 7, 2006, IETF NEA WG)
3:20 Blue Sheets, Jabber & Minutes Scribes
3:25 Agenda Bashing
3:30 NEA Milestones
3:40 Discussion of Requirements I-D
5:10 Next Steps
5:20 Adjourn
Slide 3: NEA Milestones
First Milestones
– Prepare NEA Requirements I-D (Nov-Jan)
– WGLC on NEA Requirements I-D (Feb ‘07)
– IETF LC on NEA Requirements I-D (Apr ‘07)
Then we’ll add milestones for PA, PB, etc.
– Subject to AD approval
Slide 4: NEA Roles and Responsibilities
NEA Requirements Design Team and Editors
– Volunteers solicited on list and at IETF 67
– Selected by NEA WG chairs
– Develop initial Requirements I-D
– Revise I-D in response to WG rough consensus
NEA WG Participants
– Review draft documents
– Discuss on email list and at IETF meetings
– Reach rough consensus on email list
NEA WG Chairs
– Select Design Teams and Editors
– Moderate WG discussions
– Judge rough consensus
– Manage WG process
Slide 5: Goals for Today
Discuss Requirements I-D
– Get feedback on current ideas
Recruit volunteers for NEA Requirements Design Team
Slide 6: Requirements I-D Outline
Abstract, Boilerplate
Introduction
Terminology
Applicability
Problem Statement
Reference Model
Use Cases
Requirements
– Common
– Protocol-specific (PA, PB, PT)
Security Analysis/Considerations
References, Editors’ Addresses, Acknowledgements
Slide 7: Terminology
Endpoint
– A host that can be connected to a network
  Laptop, desktop, server, printer, cell phone, any device with an IP address
Posture
– Endpoint security-relevant configuration
  OS and application version and patch level, security software configuration and status, etc.
Slide 8: Problem Statement
Assess endpoint posture
Various actions may follow
– In-scope
  Deliver assessment result to endpoint
  Deliver remediation instructions to endpoint
– Out-of-scope but must be accommodated
  Evaluate posture policy compliance
  Monitor compliance
  Binding to network access control protocols
  Remediate
  Identify lying endpoints
Slide 9: NEA Reference Model (diagram)
NEA Client: Posture Collectors, Posture Broker Client, Network Access Requestor
NEA Server: Posture Validators, Posture Broker Server, Network Access Authority
Posture Attribute (PA) protocol: Posture Collectors to Posture Validators
Posture Broker (PB) protocol: Posture Broker Client to Posture Broker Server
Posture Transport (PT) protocols: Network Access Requestor to Network Access Authority, through the Network Enforcement Device
Slide 10: NEA Reference Model (diagram)
NEA Client: Posture Collectors, Posture Broker Client, Posture Transport Client
NEA Server: Posture Validators, Posture Broker Server, Posture Transport Server
Posture Attribute (PA) protocol: Posture Collectors to Posture Validators
Posture Broker (PB) protocol: Posture Broker Client to Posture Broker Server
Posture Transport (PT) protocols: Posture Transport Client to Posture Transport Server
Slide 11: Use Cases
Goals
– Span the problem space
– Drive requirements
Non-Goals
– List all use cases
– Describe details of PT protocols
Slide 12: Types of Flows
Initial assessment of endpoint
– Triggered by Network Connection
– Triggered by Service Request
Re-assessment of endpoint
– Triggered by NEA Server (timer, event, etc.)
– Triggered by NEA Client (timer, event, etc.)
Slide 13: Types of Attributes
Endpoint Data (client to server)
– By value
– By reference
Compliance Policy (server to client)
Compliance Policy Evaluation Results (client to server)
Cryptographic Protocols (multiple round trips)
– Proof of possession
– Replay protection mechanisms
Compliance Result (server to client)
Remediation Instructions (server to client)
Slide 14: Use Case: Endpoint Assessment Triggered By Network Connection (diagram)
Actor: Employee John Smith
Components: Inventory Collector on the NEA Client, Inventory Validator on the NEA Server, connected through the Posture Broker Client/Server and Posture Transport Client/Server over the PA, PB and PT protocols; Log on the server side
Messages: Inventory Message
0. Endpoint Assessment Triggered By Network Connection
Software Inventory Reported and Logged
Slide 15: Use Case: Endpoint Assessment Triggered By Service Request (diagram)
Actor: Professor Jane Doe
Components: Patch Mgmt Collector on the NEA Client, Patch Mgmt Validator on the NEA Server, connected through the Posture Broker Client/Server and Posture Transport Client/Server over the PA, PB and PT protocols
Messages: Patch Message, Advisory Message
0. Endpoint Assessment Triggered By Service Request
Patch Management Collector Reports Patch Levels
Patch Management Validator sends Upgrade Advisory
Slide 16: Use Case: Constant Monitoring and Client-Triggered Reassessment (diagram)
Actor: Colonel Mustard
Components: Security Collector on the NEA Client, Security Validator on the NEA Server, connected through the Posture Broker Client/Server and Posture Transport Client/Server over the PA, PB and PT protocols; Enforcement
Messages: Change Message, Remedn Message, All Clear Message
0. Constant Monitoring in Place
1. Security Collector Detects Posture Change
2. Security Collector Triggers Reassessment
3. Access Limited
4. Automated Remediation
5. Reassessment
6. Access Restored
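As an added illustration (not code from the NEA WG or from any NEA implementation), the following Python model plays the reassessment flow of this slide through the reference model: collectors report posture attributes, the Posture Broker Server routes each attribute to its Posture Validator, the access decision is limited or restored, and remediation instructions travel back to the client. The policy values, attribute names, action names and message fields are assumptions made for the example.

```python
from dataclasses import dataclass
# Constructed policy for the Security Validator (assumed attribute names).
POLICY = {"patch_level": 5, "firewall": "on"}

@dataclass
class PBMessage:
    """PB message: PA attributes keyed by type plus the flow trigger (slide 12)."""
    attributes: dict   # e.g. {"patch_level": 4, "firewall": "off"}
    trigger: str       # "network_connection", "service_request", "client_event", ...

class NEAServer:
    """Posture Broker Server: routes attributes to validators, then decides access."""
    def __init__(self, policy):
        self.policy = policy
        self.validators = {"patch_level": self.check_patch, "firewall": self.check_firewall}
    def check_patch(self, level):
        target = self.policy["patch_level"]
        return level >= target, {"action": "apply_patches", "target": target}
    def check_firewall(self, state):
        return state == self.policy["firewall"], {"action": "enable_firewall"}
    def assess(self, msg):
        remediation = []
        for attr, value in msg.attributes.items():
            validator = self.validators.get(attr)
            if validator is None:
                continue   # attribute type with no validator: outside this policy
            ok, fix = validator(value)
            if not ok:
                remediation.append(dict(fix, attribute=attr))
        access = "full" if not remediation else "limited"   # enforcement decision
        return {"access": access, "remediation": remediation}

class NEAClient:
    """Posture Broker Client: bundles collector output, applies remediation locally."""
    def __init__(self, posture):
        self.posture = dict(posture)
    def collect(self, trigger):
        return PBMessage(dict(self.posture), trigger)
    def remediate(self, instructions):
        for item in instructions:
            if item["action"] == "apply_patches":
                self.posture["patch_level"] = item["target"]
            elif item["action"] == "enable_firewall":
                self.posture["firewall"] = "on"

def reassessment_flow(server, client):
    # Steps 2-6 of the slide: reassessment, access limited, remediation, access restored.
    first = server.assess(client.collect("client_event"))
    client.remediate(first["remediation"])
    second = server.assess(client.collect("post_remediation"))
    return first["access"], second["access"]
```

A posture change is simulated by editing the client's posture before calling reassessment_flow; the first assessment yields limited access and the post-remediation one restores it.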
Slide 17: Other Use Cases?
Other use cases that:
– Must be addressed by NEA
– Drive new PA, PB, or PT requirements
Slide 18: Next Steps
Solicit Design Team Contributors
– Through November 16
Start Design Team Weekly Concalls
– Week of November 27
First Requirements I-D Posted