Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-11 08:51:33

I run a very closed network, ports are closed and not opened unless there is
a validated request, external drives are disabled etc etc.  A contractor
comes in with a notebook and needs to work on some files located on our
internal secure network.  A trusted staff member rings in with the request
to open a specified port.  The port is opened and the contractor hooks up
the laptop to it.  NEA does its thing and if the laptop doesn't match the
requirements of the internal network policy it is directed to a sandbox
network for remediation.  If the laptop does meet the policy then it is allowed
onto the internal network.

What if your contractor has carefully configured the laptop to
give all the right answers? What if it has already been infected with
a virus that causes it to give all the right answers?

The first case is certainly current practice, and the second one could
arrive any day.

    Brian


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf