Presentation is loading. Please wait.

Presentation is loading. Please wait.

NEA Requirements Update -06 version summary. Posture Transport Considerations Issue –Ability of existing protocols used for network access to meet requirements.

Published byTheodora Hensley Modified over 8 years ago

Similar presentations

Presentation on theme: "NEA Requirements Update -06 version summary. Posture Transport Considerations Issue –Ability of existing protocols used for network access to meet requirements."— Presentation transcript:

1 NEA Requirements Update -06 version summary

2 Posture Transport Considerations Issue –Ability of existing protocols used for network access to meet requirements for PT. Large data volumes Server initiated reassessment Resolution –Added text to Section 5.2.3 of -06 version that acknowledges constraints of certain candidate PT protocols and suggests a couple of deployment considerations. Deployment perform limited assessment during network connections while using a constrained posture transport Limited network access granted to allow a full posture assessment to happen over TCP based transport.

3 Security Considerations Issues –Active man-in-the-middle attacks on NEA deployments. –Attacks on components that trigger posture assessment Resolution –Section 8.1.3 already describes mechanisms for protecting NEA protocols against passive and active MITM attacks. –Protection against “lying” endpoints is out of scope of NEA protocols as described in the charter. –Protection of triggers for posture assessment are out of scope. Added text to Section 8 of -06 version to clarify and suggest implementations address this issue.

4 Other comments Need to expand NEA Reference Model to include entities that initiate posture assessment and consume posture results. –These entities are out of scope as per charter. Scalability concerns when a large number of endpoints require simultaneous assessment. –Assertion attributes address this at a protocol level. –Deployment policies are out-of-scope. Gen ART review –Addressed comments in -06 version.

Download ppt "NEA Requirements Update -06 version summary. Posture Transport Considerations Issue –Ability of existing protocols used for network access to meet requirements."

Similar presentations

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.
1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P1619.3 April 11, 2007 Andrea Doherty.

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
© 2006 NEC Corporation - Confidential age 1 November 2008 - 1 SPEERMINT Security Threats and Suggested Countermeasures draft-ietf-speermint-voipthreats-01.

© 2006 NEC Corporation - Confidential age 1 November SPEERMINT Security Threats and Suggested Countermeasures draft-ietf-speermint-voipthreats-01.
Deployment Considerations for Dual-stack Lite IETF 80 Prague Yiu Lee, Roberta Magione, Carl Williams, Christian Jacquenet Mohamed Boucadair.

Deployment Considerations for Dual-stack Lite IETF 80 Prague Yiu Lee, Roberta Magione, Carl Williams, Christian Jacquenet Mohamed Boucadair.
EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.

EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.
Microsoft ® System Center Configuration Manager 2007 R3 and Forefront ® Endpoint Protection Infrastructure Planning and Design Published: October 2008.

Microsoft ® System Center Configuration Manager 2007 R3 and Forefront ® Endpoint Protection Infrastructure Planning and Design Published: October 2008.
Cs/ee 143 Communication Networks Chapter 6 Internetworking Text: Walrand & Parekh, 2010 Steven Low CMS, EE, Caltech.

Cs/ee 143 Communication Networks Chapter 6 Internetworking Text: Walrand & Parekh, 2010 Steven Low CMS, EE, Caltech.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Security Threats and Security Requirements for the Access Node Control Protocol (ANCP) IETF 67 - ANCP WG November 5-10, 2006 draft-moustafa-ancp-security-threats-00.txt.

Security Threats and Security Requirements for the Access Node Control Protocol (ANCP) IETF 67 - ANCP WG November 5-10, 2006 draft-moustafa-ancp-security-threats-00.txt.
IETF NEA WG (NEA = Network Endpoint Assessment) Chairs:Steve Hanna, Susan Thomson,

IETF NEA WG (NEA = Network Endpoint Assessment) Chairs:Steve Hanna, Susan Thomson,
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
Protected Extensible Authentication Protocol

Protected Extensible Authentication Protocol
Data Security in Local Networks using Distributed Firewalls

Data Security in Local Networks using Distributed Firewalls
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Technologies Networking for Home and Small Businesses – Chapter 7.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Technologies Networking for Home and Small Businesses – Chapter 7.
1 SIPREC Requirements IETF #80 Authors: K. Rehor, A. Hutton, L. Portman, R. Jain, H. Lam.

1 SIPREC Requirements IETF #80 Authors: K. Rehor, A. Hutton, L. Portman, R. Jain, H. Lam.
NEA Working Group IETF meeting Nov 17, 2011 IETF 82 - NEA Meeting1.

NEA Working Group IETF meeting Nov 17, 2011 IETF 82 - NEA Meeting1.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Wireless Technologies Networking for Home and Small Businesses – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Wireless Technologies Networking for Home and Small Businesses – Chapter.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Services Working at a Small-to-Medium Business or ISP – Chapter 7.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Services Working at a Small-to-Medium Business or ISP – Chapter 7.
#ICANN51 1 Standing Committee on Improvements Implementation (SCI) Activities Update to the GNSO Council ICANN-51 Los Angeles Meeting 11 October 2014.

#ICANN51 1 Standing Committee on Improvements Implementation (SCI) Activities Update to the GNSO Council ICANN-51 Los Angeles Meeting 11 October 2014.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org SA1: Cookbook (DSA1.7) Ian Bird CERN 18 January 2006.

INFSO-RI Enabling Grids for E-sciencE SA1: Cookbook (DSA1.7) Ian Bird CERN 18 January 2006.

Similar presentations

Ads by Google