RE: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-11 02:59:41
Narayanan, Vidya wrote:
<SNIP>
I continue to remain puzzled on the above points!

Hello Vidya

Perhaps if I put forward an example of how NEA may benefit me it would go
some way to clear the puzzle.

I run a very closed network, ports are closed and not opened unless there is
a validated request, external drives are disabled etc etc.  A contractor
comes in with a notebook and needs to work on some files located on our
internal secure network.  A trusted staff member rings in with the request
to open a specified port.  The port is opened and the contractor hooks up
the laptop to it.  NEA does its thing and if the laptop doesn't match the
requirements of the internal network policy it is directed to a sandbox
network for remediation.  If the laptop does meet the policy then it is allowed
onto the internal network.  I have not had to physically interface with the
laptop or needed to allow it onto the internal network before some basic
checks have been carried out.  If the laptop met the policy requirements it
was quickly allowed into the internal network and the contractor hasn't had
to prove to me their device could be trusted except through automated means
using NEA.  If I wish, I can run some more checks as the laptop joins the
internal network including additional authentication and other hoops to
ensure the system hasn't lied through NEA.

Really I see NEA as providing additional information to a network
administrator so they automate more decisions on the network.  In the above
situation, if I felt NEA provided all the information I needed I'd leave
ports open and be reasonably confident there was little risk in doing so as
unknown systems would be directed to the sandbox network if necessary and if
a lying system was able to make it to the internal network my normal
protection/security measures would catch it out or warn me of the
possibility within a reasonable time.

Just another tool to give network administrators information and systems
they can use to ensure the majority of users get their requirements met in a
reasonable and timely manner.

Darryl (Dassa) Lynch 

