Douglas Otis [EMAIL PROTECTED] wrote:
It seems impractical to specify system requirements or expect a
suitable examination be done realtime prior to obtaining access.
Maybe you're saying that a complete systems check would take too
long. That is true, but that isn't how the NEA variants
Noting the scenarios above, I claim that NEA-like functionality has
proved useful already in protecting the computing environment of an
enterprise. I have not seen compelling evidence that it has any use in
the layer 3 infrastructure used to carry customer traffic at an ISP.
But I think that's
Narayanan, Vidya wrote:
Harald,
This seems to be missing the point. I think there is a general sense
that NEA could be helpful for some level of protection to complying
endpoints in an enterprise scenario, which is exactly what you have
described below. The disagreement seems to be on the topics
At 11:06 PM 10/16/2006, Harald Alvestrand wrote:
Narayanan, Vidya wrote:
Harald,
snip
Noting the scenarios above, I claim that NEA-like functionality has
proved useful already in protecting the computing environment of an
enterprise. I have not seen compelling evidence that it has any use
in
Lakshminath Dondeti wrote:
At 11:06 PM 10/16/2006, Harald Alvestrand wrote:
Narayanan, Vidya wrote:
Harald,
snip
Noting the scenarios above, I claim that NEA-like functionality has
proved useful already in protecting the computing environment of an
enterprise. I have not seen compelling
At 12:29 AM 10/17/2006, Harald Alvestrand wrote:
Lakshminath Dondeti wrote:
At 11:06 PM 10/16/2006, Harald Alvestrand wrote:
Narayanan, Vidya wrote:
Harald,
snip
snip
NEA is applicable to computing environments of enterprises where
endpoints accessing the enterprise's network are owned
Andy Bierman wrote:
I don't agree that this is low-hanging fruit.
The server component of this system seems like a wonderful
new target for DDoS and masquerade attacks.
Well, first of all I don't see why this is any different than a radius
server. In fact it could be that the access box
Extreme clipping below:
v) IDS/IPS to detect and prevent intrusions
NEA might help here by providing a common semantics for communicating the
result of IDS scans of hosts to policy decision points.
Cheers Leif
Eliot Lear wrote:
Andy Bierman wrote:
I don't agree that this is low-hanging fruit.
The server component of this system seems like a wonderful
new target for DDoS and masquerade attacks.
Well, first of all I don't see why this is any different than a radius
server. In fact it could be that
Regards,
Frank Yeh
- Original Message -
From: Frank Yeh Jr
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED] ; ietf@ietf.org
Sent: Thursday, October 12, 2006 3:32 PM
Subject: RE: [Nea] Re: WG Review: Network Endpoint Assessment (nea)
Greetings,
Both of the existing flavors of NEA-type
To: Alan DeKok
Cc: [EMAIL PROTECTED]; ietf@ietf.org
Subject: Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)
A typical NEA case (taken out of what Cisco's NAC is supposed to be good for):
- Worker goes on holiday, takes laptop
- New attack is discovered that exploits a newly
On Oct 12, 2006, at 2:27 PM, Darryl ((Dassa)) Lynch wrote:
Am I mistaken or is NEA intended to be a compliance check before a
node is allowed onto the network?
It seems impractical to specify system requirements or expect a
suitable examination be done realtime prior to obtaining access.
Harald Alvestrand wrote:
A typical NEA case (taken out of what Cisco's NAC is supposed to be good
for):
- Worker goes on holiday, takes laptop
- New attack is discovered that exploits a newly discovered Windows
vulnerability
- Patch is created, distributed and installed
- NEA posture
Brian E Carpenter [EMAIL PROTECTED] wrote:
What if your contractor has carefully configured the laptop to
give all the right answers? What if it has already been infected with
a virus that causes it to give all the right answers?
Yes, that's a problem with NEA. No, it's not a problem for
: [Nea] Re: WG Review: Network Endpoint Assessment (nea)
Douglas Otis wrote:
If an application happens to be malware, it seems it would
be unlikely to stop these applications. How about:
vi) Provide application level advisory information pertaining to
available services.
Points
Alan DeKok writes:
The people I talk with plan on using NEA to catch the 99% case of a
misconfigured/unknown system that is used by a well-meaning but
perhaps less clueful employee or contractor. The purpose of NEA is to
enhance network security by allowing fewer insecure end hosts in the
On Tue, 2006-10-10 at 20:01 -0700, Narayanan, Vidya wrote:
I am rather confused by this attempt to make NEA fit into some kind of
a network protection mechanism. I keep hearing that NEA is *one* of a
suite of protocols that may be used for protecting networks. Let's dig
a bit deeper into what
Douglas Otis wrote:
If an application happens to be malware, it seems it would
be unlikely to stop these applications. How about:
vi) Provide application level advisory information pertaining to
available services.
Points that seem to be missing are:
vii) Notification of
I run a very closed network, ports are closed and not opened unless there is
a validated request, external drives are disabled etc etc. A contractor
comes in with a notebook and needs to work on some files located on our
internal secure network. A trusted staff member rings in with the
At 7:55 PM +1000 10/11/06, Darryl (Dassa) Lynch wrote:
I run a very closed network, ports are closed and not opened unless there is
a validated request, external drives are disabled etc etc. A contractor
comes in with a notebook and needs to work on some files located on our
internal secure
, this is exactly the type of endpoint I wouldn't imagine NEA
being useful for!
Vidya
-Original Message-
From: Darryl (Dassa) Lynch [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 11, 2006 2:56 AM
To: Narayanan, Vidya; ietf@ietf.org; [EMAIL PROTECTED]
Subject: RE: [Nea] Re: WG Review
Vidya,
Thanks for your response. I think we may be getting closer to
understanding each other's perspectives. That's a good thing.
Let me respond to your comments inline below. I hope you won't
mind if I clip a bit since this thread is starting to get long.
Vidya Narayanan wrote:
A. Any
In the end, I believe all NEA can do is help good hosts stay good. Bad
hosts will stay bad, and may or may not be identifiable as such. Still,
the former ain't nothing. But I agree with Ted at least in part that a
standardization effort for the content within NEA is challenging. I do
not think
Brian E Carpenter wrote:
I run a very closed network, ports are closed and not opened unless
there is a validated request, external drives are disabled etc etc.
A contractor comes in with a notebook and needs to work on some
files located on our internal secure network. A trusted staff
Hello Ted
Comments inline as appropriate.
Ted Hardie wrote:
At 7:55 PM +1000 10/11/06, Darryl (Dassa) Lynch wrote:
I run a very closed network, ports are closed and not opened unless
there is a validated request, external drives are disabled etc etc.
A contractor comes in with a notebook
Hi Vidya
Comments inline as appropriate.
Narayanan, Vidya wrote:
Your email indicates that you would:
a) somehow require that a visitor's laptop run an NEA client,
b) expect the device to support PAs that the server requires to be checked, and
c) trust data coming out of it,
rather
Some further comments inline.
-Original Message-
From: Stephen Hanna [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 10, 2006 1:30 PM
To: ietf@ietf.org; [EMAIL PROTECTED]; iesg@ietf.org
Subject: [Nea] Re: WG Review: Network Endpoint Assessment (nea)
I have seen a lot