Continuous Assessment Protocols for SACM (draft-hanna-sacm-assessment-protocols-00.txt). November 5, 2012, IETF 85 - SACM Meeting.

Presentation transcript:

Slide 1. Continuous Assessment Protocols for SACM, draft-hanna-sacm-assessment-protocols-00.txt

Slide 2. NEA Reference Model from RFC 5209
NEA Client: Posture Collectors, Posture Broker Client, Posture Transport Client
NEA Server: Posture Validators, Posture Broker Server, Posture Transport Server
Protocols: Posture Attribute (PA) protocol, Posture Broker (PB) protocol, Posture Transport (PT) protocols

Slide 3. Basic TNC Architecture
Access Requestor: Integrity Measurement Collectors (IMC), TNC Client (TNCC), Network Access Requestor
Policy Enforcement Point: Policy Enforcement Point (PEP)
Policy Decision Point: Integrity Measurement Verifiers (IMV), TNC Server (TNCS), Network Access Authority
Interfaces: IF-M, IF-IMC, IF-IMV, IF-TNCCS, IF-T, IF-PEP

Slide 4. NEA With EAP Transport (PT-EAP)
Non-compliant System: Windows 7; x OSHotFix 2499; x OSHotFix 9288; AV - McAfee Virus Scan 8.0; Firewall
Compliant System: Windows 7; OSHotFix 2499; OSHotFix 9288; AV - Symantec AV 10.1; Firewall
Policy: Windows 7; OSHotFix 2499; OSHotFix 9288; AV (one of) Symantec AV 10.1, McAfee Virus Scan 8.0; Firewall
Other diagram labels: NEA Client, Remediation Network, Production Network, Policy Enforcement Point, Policy Decision Point
Protocols: PA-TNC/PB-TNC/PT-EAP

Slide 5. NEA With TLS Transport (PT-TLS)
Compliant System: Windows 7; OSHotFix 2499; OSHotFix 9288; AV - Symantec AV 10.1; Firewall
Policy: Windows 7; OSHotFix 2499; OSHotFix 9288; AV (one of) Symantec AV 10.1, McAfee Virus Scan 8.0; Firewall
Other diagram labels: Access Requestor, Policy Decision Point
Protocols: PA-TNC/PB-TNC/PT-TLS

Slide 6. SCAP Messages for IF-M
Access Requestor: Integrity Measurement Collectors (IMC), TNC Client (TNCC), Network Access Requestor
Policy Enforcement Point: Policy Enforcement Point (PEP)
Policy Decision Point: Integrity Measurement Verifiers (IMV), TNC Server (TNCS), Network Access Authority
Interfaces: IF-M, IF-IMC, IF-IMV, IF-TNCCS, IF-T, IF-PEP
Additional label: SCAP

Slide 7. IF-MAP: Secure Dynamic Info Sharing
Access Requestor: Integrity Measurement Collectors (IMC), TNC Client (TNCC), Network Access Requestor
Policy Enforcement Point: Policy Enforcement Point (PEP)
Policy Decision Point: Integrity Measurement Verifiers (IMV), TNC Server (TNCS), Network Access Authority
Metadata Access Point: Metadata Access Point
Sensors and Flow Controllers: Sensor, Flow Controller
Interfaces: IF-M, IF-IMC, IF-IMV, IF-TNCCS, IF-T, IF-PEP, IF-MAP