RE: [Nea] WG Review: Network Endpoint Assessment (nea)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



 

> -----Original Message-----
> From: Lakshminath Dondeti [mailto:ldondeti@xxxxxxxxxxxx] 
> Sent: Saturday, October 07, 2006 10:43 AM
> To: Harald Alvestrand; Narayanan, Vidya
> Cc: nea@xxxxxxxx; iesg@xxxxxxxx; ietf@xxxxxxxx
> Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea)
> 
> At 01:42 AM 10/7/2006, Harald Alvestrand wrote:
> >><snip>
> >Many universities require their students to buy their own 
> laptops, but 
> >prohibit certain types of activity from those laptops (like 
> spamming, 
> >DDOS-attacks and the like). They would love to have the 
> ability to run 
> >some kind of NEA procedure to ensure that laptops are reasonably 
> >virus-free and free from known vulnerabilities, and are important 
> >enough in their students' lives that they can probably enforce it 
> >without a complaint about "violation of privacy".
> >
> >Just pointing out that there's one use case with 
> user-managed endpoints 
> >where NEA is not obviously a bad idea.
> 
> My email ventures into a bit of non-IETF territory, but we 
> are discussing use cases, and so I guess it's on topic.  
> Universities should be the last places to try antics like 
> NEA.  Whereas an operational network would be a priority to 
> them, it is also important that they allow students to 
> experiment with new applications.  If we are believing that 
> general purpose computing will be taken away from college 
> students, we are indeed talking about a different world.
> 

I agree. Even in a controlled environment, there is bound to be
software/hardware that does not quite support NEA or specific posture
attributes. In a university environment, while some basic posture
reporting is feasible, there is bound to be a lot of software/hardware
that does not support any NEA parameters. The protection that even the
endhost may be getting from NEA is quite limited. 


> In any event, the bottomline is NEA as a solution to "network 
> protection" is a leaky bucket at best.
> 

The charter must be clarified to dispel this myth about NEA protecting
the network from anything.  

Vidya


> NEA at best *may* raise the bar in attacking a "closed" 
> network where endpoints are owned and tightly controlled by 
> the organization that owns the network.
> 
> Lakshminath
> 
> 
> >                    Harald
> >
> >
> >_______________________________________________
> >Ietf mailing list
> >Ietf@xxxxxxxx
> >https://www1.ietf.org/mailman/listinfo/ietf
> 
> 

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]