At 01:46 AM 10/16/2006, Leif Johansson wrote:
Lakshminath Dondeti wrote:
> At 01:42 AM 10/7/2006, Harald Alvestrand wrote:
>>> <snip>
>> Many universities require their students to buy their own laptops,
>> but prohibit certain types of activity from those laptops (like
>> spamming, DDOS-attacks and the like). They would love to have the
>> ability to run some kind of NEA procedure to ensure that laptops are
>> reasonably virus-free and free from known vulnerabilities, and are
>> important enough in their students' lives that they can probably
>> enforce it without a complaint about "violation of privacy".
>>
>> Just pointing out that there's one use case with user-managed
>> endpoints where NEA is not obviously a bad idea.
>
> My email ventures into a bit of non-IETF territory, but we are
> discussing use cases, and so I guess it's on topic. Universities
> should be the last places to try antics like NEA. Whereas an
> operational network would be a priority to them, it is also important
> that they allow students to experiment with new applications. If we
> are believing that general purpose computing will be taken away from
> college students, we are indeed talking about a different world.
>
> In any event, the bottomline is NEA as a solution to "network
> protection" is a leaky bucket at best.
>
> NEA at best *may* raise the bar in attacking a "closed" network where
> endpoints are owned and tightly controlled by the organization that
> owns the network.
>
Lets not forget that when (not if) NEA/NAP/NAC is deployed the IDSen
people have deployed today to
solve the lying-client-problem by scanning for common/current
vulnerabilities as part of the network admission
process will have to interface with PDPs part of a NEA intfrastructure.
Could you rephrase please? I am afraid I don't understand what you
are saying.
Oh, and lying endpoint problem cannot be solved by scanning for
common vulnerabilities! In fact, the two have no relation whatsoever.
Lakshminath
Cheers Leif
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf