-----Original Message-----
From: Susmit Panjwani [mailto:susmit(_at_)gmail(_dot_)com]
Sent: Saturday, October 07, 2006 5:04 PM
To: Harald Alvestrand
Cc: Narayanan, Vidya; nea(_at_)ietf(_dot_)org; iesg(_at_)ietf(_dot_)org;
ietf(_at_)ietf(_dot_)org
Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea)
Third, I > > simply can't see what the organization's
interests would be in
protecting a device that doesn't even belong to it.
An organization might not be interested in protecting a
device that does not belong to it but would definitely be
interested in preventing the attacks originating from such
device (if compromised) when it joins the organization
network.
It appears that the NEA charter is completely misleading to some people
from what is stated in this email. As the NEA charter alludes to, NEA
does nothing to protect against compromised devices. Also, as has been
agreed, NEA is not a protection mechanism for the network - it is meant
to be a protection mechanism for compliant, truthful and as yet
uncompromised end hosts against known vulnerabilities.
Any network, in its own best interests, must assume that it has lying
and compromised endpoints connecting to it and that there are unknown
vulnerabilities on any NEA-compliant devices connecting to it. Any kind
of protection that addresses these general threats that the network may
be exposed to at any time will simply obviate the need for NEA from the
network perspective.
A network operator that thinks the network is getting any protection by
employing NEA is clearly ignoring the obvious real threats that the
network is exposed to at any time.
This is what I meant when I said that the charter is unclear and it must
explicitly state that NEA is not meant as a protection mechanism of any
sort for the network.
Vidya
To cite a study that we performed at
UMD: we did a cost-benefit analysis based on the captured
attacks from within the organization, and it turns out that
the organization would benefit significantly if they
implement any trusted network access technology.
I do realize that there would be issues in terms of user
privacy and interoperability(which this charter is trying to
tackle) but just wanted to mention that there would be
significant benefits if they can implement it. This is
especially true for university environment. As a matter of
fact I am aware of some universities/departments that were
planning to implement a home grown solution for this.
Susmit
--
Susmit Panjwani
PhD Candidate,
Center for Risk and Reliability,
University of Maryland
Cell: 240-460-9782
On 10/7/06, Harald Alvestrand <harald(_at_)alvestrand(_dot_)no> wrote:
The reason we left it open is to allow the working group to spend
more
time exploring the range of use cases in this area to better
determine requirements and applicability. For example,
it may be
useful to classify endpoints as network-managed versus
user-managed versus 3rd-party managed. A user-managed
endpoint may
want the choice to opt in or opt out, say.
Not only do I not see anything in the charter or milestones that
indicates that the WG is going to spend time exploring this, I
strongly believe this WG should not be spending any time
looking at
this. The trust models for the cases where the devices
are not owned
by the organization performing NEA are hugely different
and can take
up its own WG to actually find something that applies
there, if at
all. For one, this could be considered a violation of
privacy by the
user of the device. Secondly, the end user's perspective
of attacks
may be entirely different from the organization's perspective in
this case. Third, I simply can't see what the organization's
interests would be in protecting a device that doesn't
even belong
to it. Last but not the least, this requires the endpoint to be
running an NEA client (that is interoperable with the NEA
server of
the organization) - which in itself is often an
unrealistic requirement.
Many universities require their students to buy their own
laptops, but
prohibit certain types of activity from those laptops (like
spamming,
DDOS-attacks and the like). They would love to have the
ability to run
some kind of NEA procedure to ensure that laptops are reasonably
virus-free and free from known vulnerabilities, and are important
enough in their students' lives that they can probably enforce it
without a complaint about "violation of privacy".
Just pointing out that there's one use case with user-managed
endpoints where NEA is not obviously a bad idea.
Harald
_______________________________________________
Nea mailing list
Nea(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/nea
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf