ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-13 05:21:01
from [Alan DeKok] [Permanent Link] 
Brian E Carpenter <brc(_at_)zurich(_dot_)ibm(_dot_)com> wrote:

What if your contractor has carefully configured the laptop to
give all the right answers? What if it has already been infected with
a virus that causes it to give all the right answers?


  Yes, that's a problem with NEA.  No, it's not a problem for many (if
not most) people using NEA.

  The people I talk with plan on using NEA to catch the 99% case of a
misconfigured/unknown system that is used by a well-meaning but
perhaps less clueful employee or contractor.  The purpose of NEA is to
enhance network security by allowing fewer insecure end hosts in the
network.

  No one can prevent a determined attacker from getting in.  But by
providing fewer hosts for him to attack, the attacks become less
feasibly, and more visible.

  Alan DeKok.

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: I understand that there is an ISO MOU with the IETF - I want to see it..., Theodore Tso
Next by Date:  Re:[Nea] WG Review: Network Endpoint Assessment (nea), yinhan 34728
Previous by Thread:  RE: [Nea] Re: WG Review: Network Endpoint Assessment (nea), Darryl \(Dassa\) Lynch
Next by Thread:  Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea), Arnt Gulbrandsen
Indexes:  [Date] [Thread] [Top] [All Lists]