
Synergy of the SCAP Program and IETF Activities BOF


1 Synergy of the SCAP Program and IETF Activities BOF
November 9, 2010
IETF 79, Beijing, China
Chairs: Kent Landfield, Steve Hanna
List:

2 Synergy of the SCAP Program and IETF Activities BOF
Note Well
Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an "IETF Contribution". Such statements include oral statements in IETF sessions, as well as written and electronic communications made at any time or place, which are addressed to:
- The IETF plenary session
- The IESG, or any member thereof on behalf of the IESG
- Any IETF mailing list, including the IETF list itself, any working group or design team list, or any other list functioning under IETF auspices
- Any IETF working group or portion thereof
- The IAB or any member thereof on behalf of the IAB
- The RFC Editor or the Internet-Drafts function
All IETF Contributions are subject to the rules of RFC 5378 and RFC 3979 (updated by RFC 4879).
Statements made outside of an IETF session, mailing list or other function, that are clearly not intended to be input to an IETF activity, group or function, are not IETF Contributions in the context of this notice. Please consult RFC 5378 and RFC 3979 for details.
A participant in any IETF activity is deemed to accept all IETF rules of process, as documented in Best Current Practices RFCs and IESG Statements.
A participant in any IETF activity acknowledges that written, audio and video records of meetings may be made and may be available to the public.
November 9, 2010 Synergy of the SCAP Program and IETF Activities BOF

3 Synergy of the SCAP Program and IETF Activities BOF
BOF Agenda
- Welcome and Agenda Overview, Logistics
- NIST and SCAP: Tim Grance (10 minutes)
- SCAP Overview: David Waltermire and Kent Landfield (40 minutes)
- Compare and Contrast MIBs and Yang Modules with SCAP capabilities: Juergen Schoenwaelder (20 minutes)
- NEA/SCAP Integration: Steve Hanna (30 minutes)
- CYBEX Usage of SCAP Specifications: Takeshi Takahashi (15 minutes)
- Customer Perspective – Boeing: Stephen Whitlock (10 minutes)
- Open Mic (45 minutes)

4 Synergy of the SCAP Program and IETF Activities BOF
BOF Participation
Date: Tuesday, November 9, 2010
Time:
BOF info:
BOF archive:
Jabber discussion access:
Listen to audio at:

5 Synergy of the SCAP Program and IETF Activities BOF
NIST and SCAP
Tim Grance, US National Institute of Standards and Technology

6 NIST & Security Automation
- Committed to supporting the role of open, voluntary, international industry consensus standards bodies
- See this SCAP BOF exploration as an important step in that direction
- Need to build consensus with the private and public sectors
- Understand that change in specifications by the standards body, with wide stakeholder consultation, is necessary and appropriate

7 Synergy of the SCAP Program and IETF Activities BOF
SCAP Overview
Kent Landfield, McAfee
David Waltermire, US National Institute of Standards and Technology

8 Synergy of the SCAP Program and IETF Activities BOF
Why are we here?
- Meet and greet between SCAP and the IETF
- SCAP has achieved a great deal but is looking for the maturity of the IETF standardization process to take the next step forward
- Trying to determine if it makes sense to move development of some SCAP specifications into the IETF

9 Synergy of the SCAP Program and IETF Activities BOF
What is SCAP?
The Security Content Automation Protocol (SCAP) is a suite of selected open specifications that enumerate software flaws, security-related configuration issues, and product names; measure systems to determine the presence of vulnerabilities; and provide mechanisms to rank (score) the results of these measurements in order to evaluate the impact of the discovered security issues. SCAP defines how these specifications are combined.

10 Synergy of the SCAP Program and IETF Activities BOF
What is SCAP NOT!
- Not a single protocol
- Not serving a single use case
- Does not exist only to support the US government
- Not a compliance-only set of standards
- Not an English-only set of specifications and uses

11 Synergy of the SCAP Program and IETF Activities BOF
SCAP Value
Feature: Standardizes how computers communicate vulnerability information – the specifications
  Benefit: Enables interoperability for products and services of various manufacture
Feature: Standardizes what vulnerability information computers communicate – the content
  Benefit: Enables repeatability across products and services of various manufacture; reduces content-based variance in operational decisions and actions
Feature: Based on open, community-developed specifications
  Benefit: Harnesses the collective brain power of the masses for creation and evolution
Feature: Adapts to a wide array of use cases
  Benefit: Applicable to many different Risk Management Frameworks – Assess, Monitor, Implement; reduces time, effort, and expense of risk and security management processes
Feature: Detailed traceability to multiple security mandates and guidelines
  Benefit: Automates portions of compliance demonstration and reporting; reduces chance of misinterpretation between Inspector General/auditors and operations teams
Feature: Enables the assessment and reporting of security controls
  Benefit: Automates compliance demonstration and reporting

12 Current SCAP Vendors

13 SCAP Community Information
Community References:
SCAP Homepage:
SCAP Validated Tools:
National Checklist Program:
National Vulnerability Database:

14 What are we trying to accomplish?
- Provide a standardized means for developing security content
- Provide standardized and actionable results
- Provide a means for real interoperability between security products
- Provide visibility into the security posture of an enterprise
- Reduce the cost of managing networked environments

15 Synergy of the SCAP Program and IETF Activities BOF
What is SCAP? (1 of 3)
The Security Content Automation Protocol
Created to bring together existing specifications and to provide a standardized approach to maintaining the security of enterprise systems.
SCAP ...
- provides a means to identify, express and measure security data in standardized ways
- is a suite of individually maintained, open specifications
- defines how these specifications are used in concert
- includes standardized reference data -- SCAP Content

16 What is SCAP? (2 of 3)
- Community developed
- Machine readable XML
Languages: means of providing instructions
- Reporting
- Representing security checklists
- Detecting machine state
Enumerations: convention for identifying and naming
- Product names
- Vulnerabilities
- Configuration items
Metrics: risk scoring framework
- Transparent
- Base, Temporal, Environmental

17 Synergy of the SCAP Program and IETF Activities BOF
What is SCAP? (3 of 3)
Naming:
- CVE, Common Vulnerabilities and Exposures: standard nomenclature and dictionary of security-related software flaws
- CCE, Common Configuration Enumeration: standard nomenclature and dictionary of software misconfigurations
- CPE, Common Platform Enumeration: standard nomenclature and dictionary for product naming
Expressing:
- XCCDF, Extensible Configuration Checklist Description Format: standard XML for specifying checklists and for reporting results of checklist evaluation
Assessing:
- OVAL, Open Vulnerability and Assessment Language: standard XML for test procedures
- OCIL, Open Checklist Interactive Language: standard XML for human interaction
Scoring:
- CVSS, Common Vulnerability Scoring System: standard for measuring the impact of vulnerabilities
Speaker notes: Present each specification. Discuss the benefits of standardized naming. Discuss the use of XCCDF to describe the “what”. Discuss how XCCDF “expresses” security automation content by utilizing standardized identifiers and by referencing assessment capabilities. Discuss the use of assessment languages as the “how”.

18 What are SCAP’s Use Cases? (1 of 2)
SCAP Use Cases:
- Configuration Management – determine whether system configuration settings comply with organizational policies
- Vulnerability Management – detect and prioritize known vulnerabilities (software flaws) on a system
- Patch Compliance – determine whether appropriate patches have been applied on a system
- System Inventory – identify products installed on the system (e.g., hardware, operating system, and applications)
- Malware Detection – detect presence of malware on a system, allowing zero day signature building for consumption by SCAP validated products
The remainder of this presentation will focus primarily on the configuration and vulnerability management use cases.

19 What are SCAP’s Use Cases? (2 of 2)
[Diagram: the SCAP specifications CVE, CVSS, CPE, CCE, OVAL and XCCDF mapped onto the use cases Asset Management, Vulnerability Management, Configuration, Compliance Management, Misconfiguration & Patch Compliance, Malware Detection and Software Inventory]
The SCAP components are specifications [2] that standardize the format and nomenclature security software uses to communicate information about software flaws and security configurations. SCAP can also be used as part of asset and compliance management processes.
[2] The Take-Away Sheets include more information on the 7 specifications.

20 Extensible Configuration Checklist Description Format (XCCDF)
Extensible Configuration Checklist Description Format (XCCDF)
Internet Draft: draft-waltermire-scap-xccdf-00

21 Synergy of the SCAP Program and IETF Activities BOF
What is XCCDF?
- The Extensible Configuration Checklist Description Format
- IETF I-D: draft-waltermire-scap-xccdf-00
- An XML-based specification
- Expresses security checklists supporting multiple use cases
- Expresses the results of an assessment

22 XCCDF Functional Use Cases
[Diagram: XCCDF as the hub between a prose document, HTML and XML renderings, compliance tools and other tools]
Speaker notes: Discuss that compliance tools were the initial use of XCCDF, but new uses are currently being explored to support vulnerability management and network access control.

23 XCCDF and Checking Engines
- XCCDF does not specify platform-specific rule checking logic.
- The Rule/check element contains information for driving a platform-specific checking engine.
[Diagram: an XCCDF Benchmark Evaluation Tool reads the XCCDF Benchmark, passes tailoring values and the tests to perform to a platform-specific checking engine, which examines the target system and returns test results]
- Check engines act as an abstraction layer, enabling the assessment of different types of targets (desktops, servers, network devices, humans)

24 XCCDF and Check System Interaction
Guidance Structure and Customization (XCCDF):
- Support guidance tailoring and customization
- Collect, structure, and organize guidance
- Score and track general compliance
- Define tests to check compliance
Check Engine Assessment:
- Define state evaluation logic
- Characterize state details

25 Synergy of the SCAP Program and IETF Activities BOF
XCCDF Data Model
XCCDF defines the following key object types:
- Benchmark: the complete document
- Rule: an individual recommendation
- Group: a set of related recommendations and values; can be nested
- Value: a named data value that Rules reference and Profiles can tailor
- Profile: supports tailoring, guidance for multiple roles, and rule reuse
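How the data model objects above (Benchmark, Group, Rule, Value, Profile) drive the platform-specific checking engine from slide 23, as an added example that is not part of the BOF slides: the benchmark content, the toy engine, its check names and the target state are all constructed here, and the percent-passed score is a simplification of XCCDF's scoring models.

```python
import xml.etree.ElementTree as ET

XCCDF = "http://checklists.nist.gov/xccdf/1.1"
NS = {"x": XCCDF}
# Constructed sample Benchmark: one Group, two Rules, a tailorable Value and two Profiles.
BENCHMARK_XML = f"""<Benchmark id="demo" xmlns="{XCCDF}">
  <Profile id="baseline"><select idref="rule-log-size" selected="true"/></Profile>
  <Profile id="strict">
    <select idref="rule-ssh-root" selected="true"/><select idref="rule-log-size" selected="true"/>
    <refine-value idref="val-log-size" selector="large"/>
  </Profile>
  <Group id="grp-os">
    <Value id="val-log-size" type="number"><value>1024</value><value selector="large">8192</value></Value>
    <Rule id="rule-ssh-root" selected="false">
      <check system="urn:example:toy-engine"><check-content-ref name="ssh_root_login"/></check>
    </Rule>
    <Rule id="rule-log-size" selected="false">
      <check system="urn:example:toy-engine"><check-export value-id="val-log-size" export-name="min_log_kb"/>
        <check-content-ref name="log_size"/></check>
    </Rule>
  </Group>
</Benchmark>"""

def resolve_profile(root, profile_id):
    """Apply a Profile: pick the selected Rules and the Value variant each check imports."""
    prof = root.find(f"x:Profile[@id='{profile_id}']", NS)
    selected = {s.get("idref"): s.get("selected") == "true" for s in prof.findall("x:select", NS)}
    selectors = {r.get("idref"): r.get("selector") for r in prof.findall("x:refine-value", NS)}
    values = {}                     # Value id -> text of the variant the profile's selector picks
    for v in root.iter(f"{{{XCCDF}}}Value"):
        want = selectors.get(v.get("id"))          # None -> the variant with no selector
        values[v.get("id")] = next(e.text for e in v.findall("x:value", NS) if e.get("selector") == want)
    plan = {}                       # Rule id -> (check name, exported values for the engine)
    for rule in root.iter(f"{{{XCCDF}}}Rule"):
        rid = rule.get("id")
        if selected.get(rid, rule.get("selected") == "true"):
            chk = rule.find("x:check", NS)
            exports = {e.get("export-name"): values[e.get("value-id")] for e in chk.findall("x:check-export", NS)}
            plan[rid] = (chk.find("x:check-content-ref", NS).get("name"), exports)
    return plan

TARGET = {"ssh_root_login": "no", "log_kb": 4096}   # constructed target state a real engine would collect

def toy_engine(check_name, exports, target):
    """Stand-in checking engine: XCCDF only names the check, the engine decides pass/fail."""
    if check_name == "ssh_root_login":
        return target["ssh_root_login"] == "no"
    if check_name == "log_size":
        return target["log_kb"] >= int(exports["min_log_kb"])
    raise ValueError(f"no check named {check_name}")

def evaluate(xml_text, profile_id, target=TARGET):
    root = ET.fromstring(xml_text)
    results = {rid: toy_engine(name, exports, target)
               for rid, (name, exports) in resolve_profile(root, profile_id).items()}
    return results, 100.0 * sum(results.values()) / len(results)   # (per-rule results, percent passed)
```

The same benchmark evaluated under the "strict" profile fails the log-size rule because the refine-value selects the 8192 variant, while "baseline" passes with the default 1024.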

26 Synergy of the SCAP Program and IETF Activities BOF
XCCDF Summary
- Enables authoritative definition of security policy/guidance that can be shared across a community
- Reduces interpretation errors caused by converting prose guidance into an automatable form
- Enables interoperability between tools
  - Standardized content
  - Consistent result reporting

27 Naming Conventions for Vulnerabilities and Configurations
Naming Conventions for Vulnerabilities and Configurations
Internet Draft: draft-landfield-scap-naming-00

28 Common Vulnerabilities and Exposures (CVE)
- Dictionary of standardized descriptions for vulnerabilities and exposures
- Over 40,000 entries
- Publicly accessible for review or download from the Internet
Example entry:
ID: CVE
Description: Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."
Reference: BUGTRAQ: ZDI Microsoft Internet Explorer Prototype Dereference Code Execution Vulnerability
Reference: MS: MS07-033

29 Common Configuration Enumeration (CCE)
- Assigns standardized identifiers to configuration issues/items, allowing comparability and correlation
- Over 10,000 entries
Example entry:
ID: CCE
Description: The "restrict guest access to application log" policy should be set correctly.
Technical Mechanisms: (1) HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\RestrictGuestAccess (2) defined by Group Policy
Parameter: enabled/disabled

30 Naming Convention Summary
When dealing with information from multiple sources, use of naming conventions can:
- improve data correlation
- enable interoperability
- foster automation

31 Compare and Contrast MIBs and Yang Modules with SCAP capabilities
Compare and Contrast MIBs and Yang Modules with SCAP capabilities
Juergen Schoenwaelder

32 NEA and SCAP Integration
NEA and SCAP Integration
Steve Hanna

33 NEA Reference Model from RFC 5209
[Diagram: NEA reference model from RFC 5209]
NEA Client                                                         NEA Server
Posture Collectors        <-- Posture Attribute (PA) protocol -->  Posture Validators
Posture Broker Client     <-- Posture Broker (PB) protocol -->     Posture Broker Server
Posture Transport Client  <-- Posture Transport (PT) protocols --> Posture Transport Server

34 Nesting of NEA Messages
PT
  PB-TNC Header
  PB-TNC Message (Type=PB-Batch-Type, Batch-Type=CDATA)
  PB-TNC Message (Type=PB-PA, PA Vendor ID=0, PA Subtype=OS)
    PA-TNC Message
      PA-TNC Attribute (Type=Product Info, Product ID=Windows XP)
      PA-TNC Attribute (Type=Numeric Version, Major=5, Minor=3, ...)
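The nesting on this slide carried to the wire, as an added example that is not from the slides: a Python encoder and parser for a PB-TNC CDATA batch holding one PB-PA message whose PA-TNC message carries the Product Info and Numeric Version attributes. The field layouts follow RFC 5793 (PB-TNC) and RFC 5792 (PA-TNC) as the editor reads them and should be checked against the RFC text; the message identifier, product id, build and service-pack numbers are constructed sample values.

```python
import struct

# IANA-registered values from RFC 5793 (PB-TNC) and RFC 5792 (PA-TNC), per the editor's reading
PB_BATCH_CDATA, PB_MSG_PA, PA_SUBTYPE_OS = 1, 1, 1
ATTR_PRODUCT_INFO, ATTR_NUMERIC_VERSION = 2, 3
NOSKIP = 0x80            # PA-TNC attribute flag: the receiver must not skip this attribute
IETF = b"\0\0\0"         # 3-byte SMI Private Enterprise Number 0 = IETF standard types

def pa_attr(attr_type, value):
    """PA-TNC attribute: Flags(1) VendorID(3) Type(4) Length(4, header included) Value."""
    return struct.pack("!B3sII", NOSKIP, IETF, attr_type, 12 + len(value)) + value

def pa_message(attrs, msg_id=0x1234):
    """PA-TNC message: Version(1)=1 Reserved(3) MessageIdentifier(4), then the attributes."""
    return struct.pack("!B3sI", 1, IETF, msg_id) + b"".join(attrs)

def pb_pa_message(pa_body, subtype=PA_SUBTYPE_OS):
    """PB-TNC header Flags(1) VendorID(3) Type(4) Length(4), then the PB-PA body:
    Flags(1) PA VendorID(3) PA Subtype(4) CollectorID(2) ValidatorID(2) PA-TNC message."""
    value = struct.pack("!B3sIHH", 0, IETF, subtype, 0, 0) + pa_body
    return struct.pack("!B3sII", 0, IETF, PB_MSG_PA, 12 + len(value)) + value

def pb_batch(messages, batch_type=PB_BATCH_CDATA):
    """PB-TNC batch: Version(1)=2, D bit(0 = client to server)+Reserved(19)+B-Type(4), Length(4)."""
    body = b"".join(messages)
    return struct.pack("!B3sI", 2, batch_type.to_bytes(3, "big"), 8 + len(body)) + body

def build_windows_xp_batch():
    """The slide's example: Product Info 'Windows XP' and Numeric Version 5.3 (build/SP constructed)."""
    product = IETF + struct.pack("!H", 1) + b"Windows XP"       # product vendor, product id, name
    version = struct.pack("!IIIHH", 5, 3, 2600, 3, 0)           # major, minor, build, SP major, SP minor
    pa = pa_message([pa_attr(ATTR_PRODUCT_INFO, product), pa_attr(ATTR_NUMERIC_VERSION, version)])
    return pb_batch([pb_pa_message(pa)])

def decode_attr(attr_type, value):
    if attr_type == ATTR_PRODUCT_INFO:
        vendor, product_id = struct.unpack("!3sH", value[:5])
        return ("Product Info", int.from_bytes(vendor, "big"), product_id, value[5:].decode())
    if attr_type == ATTR_NUMERIC_VERSION:
        return ("Numeric Version",) + struct.unpack("!IIIHH", value)
    return ("Unknown", attr_type, value)

def parse_batch(data):
    """Walk the nesting back down: returns the decoded PA-TNC attributes of every PB-PA message."""
    version, _, length = struct.unpack("!B3sI", data[:8])
    assert version == 2 and length == len(data), "bad PB-TNC batch header"
    found, pos = [], 8
    while pos < len(data):
        _, vendor, msg_type, msg_len = struct.unpack("!B3sII", data[pos:pos + 12])
        if vendor == IETF and msg_type == PB_MSG_PA:
            pa = data[pos + 24:pos + msg_len]          # skip the PB-TNC (12) and PB-PA (12) headers
            apos = 8                                   # skip the PA-TNC message header
            while apos < len(pa):
                _, _, attr_type, attr_len = struct.unpack("!B3sII", pa[apos:apos + 12])
                found.append(decode_attr(attr_type, pa[apos + 12:apos + attr_len]))
                apos += attr_len
        pos += msg_len
    return found
```

A validator that wants SCAP content in this exchange would add its own PA subtype and attribute types on the same PA-TNC layer, which is the integration point the next slide shows.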

35 SCAP Compliance Checks with NEA
[Diagram: the NEA reference model with SCAP components on the PA layer]
NEA Client                                                          NEA Server
SCAP Posture Collector    <-- Posture Attribute (PA) protocol -->   SCAP Posture Validator
                              (with SCAP-related messages)
Posture Broker Client     <-- Posture Broker (PB) protocol -->      Posture Broker Server
Posture Transport Client  <-- Posture Transport (PT) protocols -->  Posture Transport Server

36 CYBEX Usage of SCAP Specifications
CYBEX Usage of SCAP Specifications
Takeshi Takahashi

37 Synergy of the SCAP Program and IETF Activities BOF
Customer Perspective
Stephen Whitlock, Boeing

38 Synergy of the SCAP Program and IETF Activities BOF
Open Mic Discussion

39 Synergy of the SCAP Program and IETF Activities BOF
Juergen’s Questions
- What is the focus of SCAP? A single device, a collection of devices, or the network?
- What can the IETF learn from previous related efforts? What has been successful and why? What failed and why?
- To what extent is SCAP different from just more configuration and reporting?
- Does SCAP integrate into the idea of network-wide configuration?

40 Questions for Discussion
- Interest in community to move forward?
  - Who here would like to work on the topic?
  - Who would be interested in editing drafts / reviewing them?
  - Who thinks IETF should have a working group in this area?
- Industry demand for security automation
- Feasible approach?
- Side effects / overlaps?
- Commitment potential?

