Mutual Network Endpoint Assessment Jiwei Wei Han Yin Ke Jia IETF


Goals and Non-Goals
Goal for Today:
– Discuss MNEA Concept
– Gather Feedback
Not a Goal:
– Change NEA Charter
– Change NEA Model or Requirements

Current NEA
1, Focused on the scenarios where the owner of the endpoint is the same as the owner of the network.
2, A very common model for enterprises which provide equipment to employees to perform their duties.
3, For some applications like online business and file sharing, the current one-sided assessment is not enough to ensure that both communicating parties are secure.
4, Especially in P2P applications, the endpoints have equal responsibilities, and hence mutual network endpoint assessment seems more necessary.

Current NEA Flows

NEA Client                                 NEA Server
   |                                           |
   |      client requests network access       |
   |------------------------------------------>|
   |                 Request                   |
   |<------------------------------------------|
   |                 Posture                   |
   |------------------------------------------>|
   |                 Result                    |
   |<------------------------------------------|

Mutual NEA
Every network endpoint can assess its peer and can also help the peer assess it. Every endpoint can decide whether or not to continue the subsequent interaction according to the peer's compliance with its security policy.

Mutual NEA Reference Model
– The PA, PB and PT layers are the same as in the current NEA model
– Posture Peer (PP) has the functions of both PC and PV
– Posture Broker Peer (PBP) has the functions of both PBC and PBS
– Posture Transport Peer (PTP) has the functions of both PTS and PTC

Mutual NEA Reference Model (figure): two NEA Peers, each made up of a Posture Peer, a Posture Broker Peer and a Posture Transport Peer; Posture Peers talk over the Posture Attribute (PA) protocol, Posture Broker Peers over the Posture Broker (PB) protocol, and Posture Transport Peers over the Posture Transport (PT) protocols.

MNEA Flows

Endpoint A                                 Endpoint B
   |                                           |
   |                 1, ReqB                   |
   |<------------------------------------------|
   |              2, PosA  ReqA                |
   |------------------------------------------>|
   |              3, ResB  PosB                |
   |<------------------------------------------|
   |                 4, ResA                   |
   |------------------------------------------>|

MNEA Flows
Step 2: As requested by Endpoint B, Endpoint A returns its posture information (PosA), subject to Endpoint A's privacy policy. At the same time, Endpoint A responds with a Posture Request (ReqA) indicating what posture information Endpoint B should provide.

MNEA Flows
Step 3: Endpoint B assesses the received PosA according to its security policy and returns its assessment result (ResB). At the same time, Endpoint B returns the posture information (PosB) requested by Endpoint A, subject to Endpoint B's privacy policy.
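The four-step exchange above, written out as an added simulation that is not part of the slides or of any NEA implementation: each endpoint carries a constructed posture, a privacy policy (attributes it will disclose) and a security policy (attributes it requires of the peer), and an attribute the privacy policy withholds counts as missing in the peer's assessment. All attribute names and values are constructed.

```python
from dataclasses import dataclass


@dataclass
class Endpoint:
    name: str
    posture: dict          # constructed: what this endpoint knows about itself
    privacy_policy: set    # attributes it is willing to disclose to a peer
    security_policy: dict  # attribute -> value it requires from the peer

    def request(self):
        # Req: ask the peer only for the attributes our security policy needs
        return set(self.security_policy)

    def disclose(self, requested):
        # Pos: answer only attributes our privacy policy allows us to reveal
        return {k: self.posture[k] for k in requested
                if k in self.privacy_policy and k in self.posture}

    def assess(self, peer_posture):
        # Res: compliant only if every required attribute is present and matches
        missing = sorted(k for k in self.security_policy if k not in peer_posture)
        wrong = sorted(k for k, v in self.security_policy.items()
                       if k in peer_posture and peer_posture[k] != v)
        if missing or wrong:
            return "non-compliant (missing=%s, mismatch=%s)" % (missing, wrong)
        return "compliant"


def mnea_exchange(a, b):
    req_b = b.request()                                # 1, ReqB
    pos_a, req_a = a.disclose(req_b), a.request()      # 2, PosA + ReqA
    res_b, pos_b = b.assess(pos_a), b.disclose(req_a)  # 3, ResB + PosB
    res_a = a.assess(pos_b)                            # 4, ResA
    # Each side continues only if it judged the peer compliant
    return {"ResB": res_b, "ResA": res_a,
            "continue": res_a == "compliant" and res_b == "compliant"}


# Constructed sample endpoints
ALICE = Endpoint("A", posture={"av": "on", "patch": "current"},
                 privacy_policy={"av", "patch"},
                 security_policy={"av": "on", "firewall": "on"})
BOB = Endpoint("B", posture={"av": "on", "firewall": "on", "patch": "old"},
               privacy_policy={"av", "firewall", "patch"},
               security_policy={"av": "on", "patch": "current"})
# CAROL refuses to disclose "patch", so BOB cannot find it compliant
CAROL = Endpoint("C", posture={"av": "on", "patch": "current"},
                 privacy_policy={"av"},
                 security_policy={"av": "on"})

if __name__ == "__main__":
    print(mnea_exchange(ALICE, BOB))
    print(mnea_exchange(CAROL, BOB))
```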

Questions
– Do you find this useful?
– Should NEA support this use case?
– Any other feedback?

Thanks