Narayanan, Vidya wrote:
<SNIP>
>> I continue to remain puzzled on the above points!

Hello Vidya

Perhaps if I put forward an example of how NEA may benefit me it would go some way to clear the puzzle.

I run a very closed network, ports are closed and not opened unless there is a validated request, external drives are disabled etc etc. A contractor comes in with a notebook and needs to work on some files located on our internal secure network. A trusted staff member rings in with the request to open a specified port. The port is opened and the contractor hooks up the laptop to it. NEA does its thing and if the laptop doesn't match the requirements of the internal network policy it is directed to a sandbox network for remediation. If the laptop does meet the policy then it is allowed onto the internal network.

I have not had to physically interface with the laptop or needed to allow it onto the internal network before some basic checks have been carried out. If the laptop met the policy requirements it was quickly allowed into the internal network and the contractor hasn't had to prove to me their device could be trusted except through automated means using NEA. If I wish, I can run some more checks as the laptop joins the internal network including additional authentication and other hoops to ensure the system hasn't lied through NEA.

Really I see NEA as providing additional information to a network administrator so they automate more decisions on the network. In the above situation, if I felt NEA provided all the information I needed I'd leave ports open and be reasonably confident there was little risk in doing so as unknown systems would be directed to the sandbox network if necessary and if a lying system was able to make it to the internal network my normal protection/security measures would catch it out or warn me of the possibility within a reasonable time.

Just another tool to give network administrators information and systems they can use to ensure the majority of users get their requirements met in a reasonable and timely manner.

Darryl (Dassa) Lynch