Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



A typical NEA case (taken out of what Cisco's NAC is supposed to be good for):

- Worker goes on holiday, takes laptop
- New attack is discovered that exploits a newly discovered Windows vulnerability
- Patch is created, distributed and installed
- NEA posture requirement is increased to "must have patch"
- Worker comes back, plugs in laptop

Without NEA-like functionality:
- Worker is admitted
- Worker gets attacked & compromised
- IDS & other alarms go off
- Remediation efforts do what they usually do

With NEA:
- Worker gets sandboxed
- Worker gets upgraded
- Worker gets admitted
- No compromise, so no remediation

No ill intent on the part of any participant (except the attacker). Just a TCO issue.

The fact that some fruit is low-hanging doesn't mean it's not worth picking.

                  Harald


Alan DeKok wrote:
Brian E Carpenter <brc@xxxxxxxxxxxxxx> wrote:
What if your contractor has carefully configured the laptop to
give all the right answers? What if it has already been infected with
a virus that causes it to give all the right answers?

  Yes, that's a problem with NEA.  No, it's not a problem for many (if
not most) people using NEA.

  The people I talk with plan on using NEA to catch the 99% case of a
misconfigured/unknown system that is used by a well-meaning but
perhaps less clueful employee or contractor.  The purpose of NEA is to
enhance network security by allowing fewer insecure end hosts in the
network.

  No one can prevent a determined attacker from getting in.  But by
providing fewer hosts for him to attack, the attacks become less
feasibly, and more visible.

  Alan DeKok.

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf



_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]