Mutual Network Endpoint Assessment Jiwei Wei Han Yin Ke Jia IETF


1 Mutual Network Endpoint Assessment Jiwei Wei jiwei.wei@huawei.com Han Yin ayinhan@huawei.com Ke Jia jiake.cn@huawei.com IETF 70

2 Goals and Non-Goals
Goal for Today:
– Discuss MNEA Concept
– Gather Feedback
Not a Goal:
– Change NEA Charter
– Change NEA Model or Requirements

3 Current NEA
1. Focuses on scenarios where the owner of the endpoint is also the owner of the network.
2. This is a very common model for enterprises that provide equipment to employees to perform their duties.
3. For some applications, such as online business and file sharing, the current assessment is not enough to ensure that both communicating parties are secure.
4. In P2P applications especially, the endpoints bear equal responsibility, so mutual network endpoint assessment seems more necessary.

4 Current NEA Flows

  NEA Client                          NEA Server
      |                                   |
      |  client requests network access   |
      | --------------------------------> |
      |                                   |
      |              Request              |
      | <-------------------------------- |
      |                                   |
      |              Posture              |
      | --------------------------------> |
      |                                   |
      |              Result               |
      | <-------------------------------- |
      |                                   |

5 Mutual NEA
Every network endpoint can assess its peer and can also assist the peer in assessing the endpoint itself.
Every endpoint can decide whether or not to continue the subsequent interaction according to the peer's compliance with its security policy.

6 Mutual NEA Reference Model
– The PA, PB and PT layers are the same as in the current NEA model.
– The Posture Peer (PP) has the functions of both PC and PV.
– The Posture Broker Peer (PBP) has the functions of both PBC and PBS.
– The Posture Transport Peer (PTP) has the functions of both PTS and PTC.

7 Mutual NEA Reference Model
[Figure: on each side (NEA Peer), a Posture Peer, a Posture Broker Peer and a Posture Transport Peer, connected by the Posture Attribute (PA) protocol, the Posture Broker (PB) protocol and the Posture Transport (PT) protocols.]

8 MNEA Flows

  Endpoint A              Endpoint B
      |                       |
      |       1, ReqB         |
      | <-------------------- |
      |                       |
      |    2, PosA ReqA       |
      | --------------------> |
      |                       |
      |    3, ResB PosB       |
      | <-------------------- |
      |                       |
      |       4, ResA         |
      | --------------------> |
      |                       |

9 MNEA Flows
Step 2: As requested by Endpoint B, Endpoint A returns its posture information (PosA), as permitted by Endpoint A's privacy policy. At the same time, Endpoint A sends a Posture Request (ReqA) to indicate what posture information Endpoint B should provide.

10 MNEA Flows
Step 3: Endpoint B assesses the received PosA according to its security policy and returns its assessment result (ResB). At the same time, Endpoint B returns the posture information (PosB) requested by Endpoint A, as permitted by Endpoint B's privacy policy.
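
The four-message exchange from slides 8 to 10, as an added example that is not part of the original presentation. The attribute names, policy shapes and the fail-closed handling of withheld attributes are assumptions, since the slides define no wire format; the second sample shows how an endpoint's privacy policy can cause it to fail the peer's security policy.

```python
# Added illustration of the four-message MNEA flow; not code from the slides.
# Attribute names, policy shapes and message contents are assumptions: the
# presentation defines no wire format.
from dataclasses import dataclass


@dataclass
class Endpoint:
    name: str
    posture: dict          # local posture attributes (constructed values)
    privacy_policy: set    # attributes this endpoint agrees to disclose
    security_policy: dict  # attribute -> value required of the peer

    def request(self):
        """ReqX: the attributes the peer is asked to provide."""
        return sorted(self.security_policy)

    def disclose(self, requested):
        """PosX: requested attributes that the privacy policy permits."""
        return {k: self.posture[k] for k in requested
                if k in self.privacy_policy and k in self.posture}

    def assess(self, peer_posture):
        """ResX: True only if every required attribute is present and matches.
        A withheld attribute fails the check (fail closed)."""
        return all(k in peer_posture and peer_posture[k] == v
                   for k, v in self.security_policy.items())


def run_mnea(a, b):
    """Run steps 1-4; return (ResA, ResB, whether both sides continue)."""
    req_b = b.request()                                # 1: B -> A  ReqB
    pos_a, req_a = a.disclose(req_b), a.request()      # 2: A -> B  PosA, ReqA
    res_b, pos_b = b.assess(pos_a), b.disclose(req_a)  # 3: B -> A  ResB, PosB
    res_a = a.assess(pos_b)                            # 4: A -> B  ResA
    return res_a, res_b, res_a and res_b


# Constructed sample endpoints.
POSTURE = {"firewall_enabled": True, "os_patched": True}
B = Endpoint("B", POSTURE, {"firewall_enabled"},
             {"firewall_enabled": True, "os_patched": True})
A_OPEN = Endpoint("A", POSTURE, {"firewall_enabled", "os_patched"},
                  {"firewall_enabled": True})
A_PRIVATE = Endpoint("A", POSTURE, {"firewall_enabled"},
                     {"firewall_enabled": True})

if __name__ == "__main__":
    print(run_mnea(A_OPEN, B))     # A discloses everything B requires
    print(run_mnea(A_PRIVATE, B))  # A withholds os_patched, so ResB fails
```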

11 Questions Do you find this useful? Should NEA support this use case? Any other feedback?

12 Thanks

