IETF NEA WG (NEA = Network Endpoint Assessment)
1
IETF NEA WG (NEA = Network Endpoint Assessment)
  • nea-request@ietf.org
  • Chairs: Steve Hanna, Juniper, shanna@juniper.net
    Susan Thomson, Cisco, sethomso@cisco.com
  • IETF 67, Tuesday, November 7, 2006, 3:20 PM to 5:20 PM

2
Agenda Review
  • 3:20 Blue Sheets, Jabber and Minutes Scribes
  • 3:25 Agenda Bashing
  • 3:30 NEA Milestones
  • 3:40 Discussion of Requirements I-D
  • 5:10 Next Steps
  • 5:20 Adjourn

3
NEA Milestones
  • First Milestones
      • Prepare NEA Requirements I-D (Nov-Jan)
      • WGLC (WG Last Call) on NEA Requirements I-D (Feb 07)
      • IETF LC (IETF Last Call) on NEA Requirements I-D (Apr 07)
  • Then we'll add milestones for PA, PB, etc.
      • Subject to AD approval

4
NEA Roles and Responsibilities
  • NEA Requirements Design Team and Editors
      • Volunteers solicited on list and at IETF 67
      • Selected by NEA WG chairs
      • Develop initial Requirements I-D
      • Revise I-D in response to WG rough consensus
  • NEA WG Participants
      • Review draft documents
      • Discuss on email list and at IETF meetings
      • Reach rough consensus on email list
  • NEA WG Chairs
      • Select Design Teams and Editors
      • Moderate WG discussions
      • Judge rough consensus
      • Manage WG process

5
Goals for Today
  • Discuss Requirements I-D
  • Get feedback on current ideas
  • Recruit volunteers for NEA Requirements Design Team

6
Requirements I-D Outline
  • Abstract, Boilerplate
  • Introduction
  • Terminology
  • Applicability
  • Problem Statement
  • Reference Model
  • Use Cases
  • Requirements
      • Common
      • Protocol-specific (PA, PB, PT)
  • Security Analysis/Considerations
  • References, Editors' Addresses, Acknowledgements

7
Terminology
  • Endpoint
      • A host that can be connected to a network
      • Laptop, desktop, server, printer, cell phone, any device with an IP address
  • Posture
      • Endpoint security-relevant configuration
      • OS and application version and patch level, security software configuration and status, etc.

8
Problem Statement
  • Assess endpoint posture
  • Various actions may follow
  • In-scope
  • Deliver assessment result to endpoint
  • Deliver remediation instructions to endpoint
  • Out-of-scope but must be accommodated
  • Evaluate posture policy compliance
  • Monitor compliance
  • Binding to network access control protocols
  • Remediate
  • Identify lying endpoints

9
NEA Reference Model
[Figure: the NEA Client and the NEA Server, each drawn as a stack of three layers. Posture Collectors on the client talk to Posture Validators on the server over the Posture Attribute (PA) protocol; the Posture Broker Client and Posture Broker Server carry those attribute messages over the Posture Broker (PB) protocol; the Network Access Requestor and Network Access Authority carry the exchange over Posture Transport (PT) protocols, with a Network Enforcement Device on the path between them.]
10
NEA Reference Model
[Figure: the same model with the transport layer named generically: the Posture Transport Client and Posture Transport Server speak the Posture Transport (PT) protocols, beneath the PB and PA layers.]
11
Use Cases
  • Goals
      • Span the problem space
      • Drive requirements
  • Non-Goals
      • List all use cases
      • Describe details of PT protocols

12
Types of Flows
  • Initial assessment of endpoint
      • Triggered by Network Connection
      • Triggered by Service Request
  • Re-assessment of endpoint
      • Triggered by NEA Server (timer, event, etc.)
      • Triggered by NEA Client (timer, event, etc.)

13
Types of Attributes
  • Endpoint Data (client to server)
      • By value
      • By reference
  • Compliance Policy (server to client)
  • Compliance Policy Evaluation Results (client to server)
  • Cryptographic Protocols (multiple round trips)
      • Proof of possession
      • Replay protection mechanisms
  • Compliance Result (server to client)
  • Remediation Instructions (server to client)

14
Employee John Smith
  • 0. Endpoint Assessment Triggered by Network Connection
  • Software Inventory Reported and Logged (Inventory Message)
[Figure: NEA Client (Inventory Collector over Posture Broker Client over Posture Transport Client) sends an Inventory Message to NEA Server (Inventory Validator over Posture Broker Server over Posture Transport Server); the server writes the inventory to a Log.]
15
Professor Jane Doe
  • 0. Endpoint Assessment Triggered by Service Request
  • Patch Management Collector Reports Patch Levels (Patch Message)
  • Patch Management Validator Sends Upgrade Advisory (Advisory Message)
[Figure: NEA Client (Patch Mgmt Collector over Posture Broker Client over Posture Transport Client) sends a Patch Message to NEA Server (Patch Mgmt Validator over Posture Broker Server over Posture Transport Server), which answers with an Advisory Message.]
16
Colonel Mustard
  • 0. Constant Monitoring in Place
  • Security Collector Detects Posture Change (Change Message)
  • Security Collector Triggers Reassessment
  • Access Limited
  • Automated Remediation (Remediation Message)
  • Reassessment
  • Access Restored (All Clear Message)
[Figure: NEA Client (Security Collector over Posture Broker Client over Posture Transport Client) and NEA Server (Security Validator over Posture Broker Server over Posture Transport Server) exchange the Change, Remediation and All Clear messages; the server side drives Enforcement to limit and then restore access.]
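The flows on slides 12 and 13 and the Colonel Mustard sequence above, as an added worked example that is not part of the slides or of any NEA WG output. It models the reference-model roles in Python: Collectors on the NEA Client produce posture attributes, the Posture Broker Client batches them, the Posture Broker Server fans each component's attributes out to its Posture Validator and returns a Compliance Result with Remediation Instructions. The JSON batch format, the HMAC tag, the server-issued nonce (standing in for the "replay protection mechanisms" of slide 13), the hard-coded CLIENT_KEY, and every class and function name are assumptions of this example; the slides define none of them, and the PA/PB/PT protocols were still to be specified.

```python
"""Toy NEA assessment exchange (constructed example, not the PA/PB/PT protocols).

Collectors on the NEA Client report posture attributes; the Posture Broker Client
batches them; the Posture Broker Server routes each component's attributes to its
Posture Validator and returns a compliance result with remediation instructions.
"""
import hashlib
import hmac
import json
import secrets

# Constructed shared secret standing in for the credential the PT layer would
# authenticate with; a real deployment would not hard-code this.
CLIENT_KEY = b"demo-endpoint-key"


class Collector:
    """One posture component on the endpoint, e.g. patch level or AV state."""

    def __init__(self, component, name, value):
        self.component, self.name, self.value = component, name, value

    def collect(self):
        return {"component": self.component, "name": self.name, "value": str(self.value)}


class PostureBrokerClient:
    def __init__(self, collectors, key=CLIENT_KEY):
        self.collectors, self.key = collectors, key

    def build_batch(self, nonce):
        body = json.dumps([c.collect() for c in self.collectors], sort_keys=True)
        # The server-issued nonce is bound into the tag, so a captured batch
        # cannot be replayed into a later assessment (replay protection).
        tag = hmac.new(self.key, nonce + body.encode(), hashlib.sha256).hexdigest()
        return {"nonce": nonce.hex(), "body": body, "tag": tag}


# Posture Validators: each takes the attributes for its component and returns
# (compliant, remediation_instruction).
def validate_patch(attrs, minimum=10):
    level = int(next(a["value"] for a in attrs if a["name"] == "os-patch-level"))
    return (True, "") if level >= minimum else (False, f"install patches to level {minimum}")


def validate_antivirus(attrs):
    enabled = any(a["name"] == "enabled" and a["value"] == "True" for a in attrs)
    return (True, "") if enabled else (False, "enable real-time antivirus protection")


class PostureBrokerServer:
    def __init__(self, validators, key=CLIENT_KEY):
        self.validators, self.key = validators, key   # {component: validator}
        self.outstanding = set()                      # nonces issued, not yet consumed

    def trigger(self):
        """Start an assessment (network connection, service request, timer...)."""
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def assess(self, batch):
        nonce = bytes.fromhex(batch["nonce"])
        if nonce not in self.outstanding:
            raise ValueError("unknown or replayed nonce")
        self.outstanding.discard(nonce)
        expected = hmac.new(self.key, nonce + batch["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, batch["tag"]):
            raise ValueError("attribute batch failed integrity check")
        attrs = json.loads(batch["body"])
        remediation = []
        for component, validator in self.validators.items():
            mine = [a for a in attrs if a["component"] == component]
            # No report for a required component is a failure, not a pass.
            ok, fix = validator(mine) if mine else (False, f"report {component} posture")
            if not ok:
                remediation.append(fix)
        return {"access": "full" if not remediation else "limited", "remediation": remediation}


def reassessment_flow():
    """Posture change -> access limited -> remediation -> access restored."""
    av = Collector("antivirus", "enabled", True)
    client = PostureBrokerClient([Collector("patch-mgmt", "os-patch-level", 12), av])
    server = PostureBrokerServer({"patch-mgmt": validate_patch, "antivirus": validate_antivirus})
    initial = server.assess(client.build_batch(server.trigger()))
    av.value = False                                               # posture change detected
    limited = server.assess(client.build_batch(server.trigger()))  # reassessment triggered
    av.value = True                                                # automated remediation
    restored = server.assess(client.build_batch(server.trigger()))
    return initial["access"], limited["access"], limited["remediation"], restored["access"]


def replay_rejected():
    """A captured batch resubmitted after its nonce was consumed must fail."""
    client = PostureBrokerClient([Collector("patch-mgmt", "os-patch-level", 12)])
    server = PostureBrokerServer({"patch-mgmt": validate_patch})
    batch = client.build_batch(server.trigger())
    server.assess(batch)
    try:
        server.assess(batch)
    except ValueError:
        return True
    return False
```

Two design points carry over to any real NEA deployment. First, a component that sends nothing is treated as non-compliant; an assessment that passes on silence lets an endpoint evade policy by simply not running the collector. Second, the nonce and tag only establish that the batch is fresh and came from the holder of the key; they say nothing about whether the collector told the truth, which is exactly the "identify lying endpoints" problem slide 8 places out of scope for NEA.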
17
Other Use Cases?
  • Other use cases that
      • Must be addressed by NEA
      • Drive new PA, PB, or PT requirements

18
Next Steps
  • Solicit Design Team Contributors
      • Through November 16
  • Start Design Team Weekly Concalls
      • Week of November 27
  • First Requirements I-D Posted