
Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-18 06:28:05



Let's not forget that when (not if) NEA/NAP/NAC is deployed the IDSen
people have deployed today to solve the lying-client-problem by
scanning for common/current vulnerabilities as part of the network
admission process will have to interface with PDPs part of a NEA
infrastructure.

Could you rephrase please?  I am afraid I don't understand what you
are saying.

It has been pointed out on this list that the main deliverable from NEA
might well turn out to be the way host postures are described - the
schema if you will. I'm positive that if someone deploys NEA/NAP/NAC
etc the admin will want to combine data from the on-client posture
client with information from external IDS (etc) services to a common
Policy Decision Point. That means that a reason to do NEA is to get
this schema standardized even if some people who care about lying
clients never use and/or trust client posture clients.

Oh, and lying endpoint problem cannot be solved by scanning for common
vulnerabilities!  In fact, the two have no relation whatsoever.

They have the single relation of both expressing claims about the state
of a host.

       Cheers Leif


