On Tue, 2006-10-10 at 20:01 -0700, Narayanan, Vidya wrote:
> I am rather confused by this attempt to make NEA fit into some kind of
> a network protection mechanism. I keep hearing that NEA is *one* of a
> suite of protocols that may be used for protecting networks. Let's dig
> a bit deeper into what a network may employ as protection mechanisms
> in order to protect against all kinds of general threats.
>
> i) Access control mechanisms such as authentication and
> authorization (to ensure only valid endpoints are allowed on the
> network)
>
> ii) Ingress address filtering to prevent packets with topologically
> incorrect IP addresses from being injected into the network
>
> iii) VPNs to provide remote access to clients
>
> iv) Firewalls to provide advanced filtering mechanisms
>
> v) IDS/IPS to detect and prevent intrusions
>
> vi) Application level filtering where applicable (e.g., detecting and
> discarding email spam)

If an application happens to be malware, it seems it would be unlikely to stop these applications. How about:

vi) Provide application level advisory information pertaining to available services.

Points that seem to be missing are:

vii) Notification of non-compliance. (Perhaps this could become a restatement of i.)

viii) Time or sequence sensitive compliance certificates provided following a remediation process or service.

Often bad behavior is detected, such as scanning or sending spam which may violate AUPs. These violations may trigger a requirement for the endpoint to use a service that offers remedies the endpoint might use. There could then be a time-sensitive certificate of compliance offered following completion of a check-list and an agreement to comply with the recommendations. Those that remain infected after remediation, or that ignore the AUPs and are again detected, may find this process a reason to correct the situation or their behavior, or the provider may wish to permanently disable the account.

-Doug