
Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-11 11:02:54
Russ - I agree that something like a global NEA is necessary - just not that
a new protocol is necessary to implement it. So let me ask...

So then why not pass a new configuration mode model with SNMP - the point is
that while the idea of some agent that could actually collect these separate
logs and service records from the various 'aspects of compliance' built into
the operating models of the system in question, is no new one.

Tripwire does this already. COPS and FREMONT can be made to with CRON and
their configuration files. SNORT, AIDE, Heck they can even use SysLogNG as
the transport for their log data which might also make sense as an
addition...  Or SCP/SFTP if they wanted to.

The point is that while NEA is a good collective idea at the altitude the
idea was hatched at, there are already things that do the NEA component
functions today, and that can be aggregated together into a homogeneous
utility environment without redesigning the wheel again.

I don't dispute that the end goal of what the creators of the NEA idea
wanted to accomplish is not good. It is clearly. But the issue is whether
it's necessary to have in the form they have proposed so far when other very
similar and more widely deployed transports exist for the Inter-Nodal
Communications Model that NEA purports to want to create.

Again - SNMP and Syslog/SysLogNG can do a lot of this already. Why not just
add a Node-Integrity Reporting Process to either of them. From an Audit
Perspective this would be a powerful addition to the SysLog protocols since
it would better anchor them

Just my 35c.

Todd Glassey

----- Original Message ----- 
From: "Russ Housley" <housley(_at_)vigilsec(_dot_)com>
To: "Narayanan, Vidya" <vidyan(_at_)qualcomm(_dot_)com>
Cc: <nea(_at_)ietf(_dot_)org>; <iesg(_at_)ietf(_dot_)org>; 
<ietf(_at_)ietf(_dot_)org>
Sent: Wednesday, October 11, 2006 7:18 AM
Subject: RE: [Nea] WG Review: Network Endpoint Assessment (nea)


Vidya:

I'm not sure that the charter actually needs to get into the modes at
all - I'm guessing what happens after NEA (i.e., what is done with the
results from NEA) has zero impact on any work being done in NEA itself.
So, why not simply state something like "Once NEA is conducted on an
endpoint, the results may be used by an organization in accordance with
any policies of the organization itself."?

Discussions with the IAB and IESG prior to external review led to
the addition of the modes discussion.  The point is that some
networks will demand compliance to grant full access, and other
networks will simply notify that host that they are not in
compliance.  A host may not want to change the configuration to gain
compliance.  That is acceptable in the second case, but not the first.

Russ



_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf


