Re: [bmwg] draft-green-bmwg-seceff-bench-meth-00

Dennis Cox <dcox@breakingpoint.com> Sat, 29 October 2011 12:49 UTC

From: Dennis Cox <dcox@breakingpoint.com>
To: Kenneth Green <KGreen@ixiacom.com>, "bmwg@ietf.org" <bmwg@ietf.org>
Thread-Topic: draft-green-bmwg-seceff-bench-meth-00
Date: Sat, 29 Oct 2011 12:49:31 +0000
Message-ID: <B41C90D2B5DF4F41A62DC6A462E7E0DC4FA2D3E2@EXCHANGE.securitytestsystems.com>
References: <D9D031B5F8793F4292136C1E841B62FD0132CD@CH1PRD0604MB113.namprd06.prod.outlook.com>
In-Reply-To: <D9D031B5F8793F4292136C1E841B62FD0132CD@CH1PRD0604MB113.namprd06.prod.outlook.com>
Subject: Re: [bmwg] draft-green-bmwg-seceff-bench-meth-00

Kenneth,

I read the draft you provided. Some questions and suggestions, since you are soliciting them.

How will you select the attacks? Will you leverage CVEs? Or is this draft meant to be a way of measuring two different flows? The reason I ask is that one company's data leakage is another company's standard traffic. You state that "all of these defensive solutions have in common ... distinguish between evil ... and good traffic". With a list that runs from anti-virus and anti-spam to data leakage, I would have to disagree. Solutions such as these are in the eye of the beholder, and each user's requirements and each technology's inspection are quite different.

One example: anti-spam companies use technologies ranging from reputation-based (Cisco IronPort) to RBLs.

How about evasions? Quite a large number of evasion techniques are used by people who attack networks. Will the draft take into account multiple-language evasions? Or fragmentation and reassembly evasions? Will you rate the effectiveness of the device in handling attacks that use each type of evasion?

In order to test security effectiveness by comparing "good" traffic and "evil" traffic, I would think that whatever application protocol the "evil" traffic uses, the good traffic would need to use as well. That should make section 3.1 easy to determine.

Also, evil may not be the best word; perhaps malicious might be used instead.

Dennis
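
The two methodological points above, that benign and malicious flows must share an application protocol and that effectiveness should be broken out per evasion technique, can be captured in a small scoring harness. The following is an added example, not code from the draft, from Ixia, or from this thread; the flow labels, the `Flow` record, the `unmatched_protocols` and `score` helpers and the sample verdict table are all constructed here for illustration.

```python
"""Scoring helper for a security-effectiveness benchmark run.

Added example (not from the draft or the thread). It assumes the test
designer labels every flow with its application protocol, a ground-truth
malicious/benign tag and the evasion variant applied, and that the DUT's
verdicts are collected as a flow_id -> blocked mapping. All names are
assumptions made for this example.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    flow_id: str
    protocol: str     # application protocol carried, e.g. "http" or "smtp"
    malicious: bool   # ground truth set by the benchmark author
    evasion: str      # "none" or the evasion variant applied to this flow


def unmatched_protocols(flows):
    """Protocols that carry malicious flows but no benign counterpart.

    A DUT that simply blocks the whole protocol would score 100% on such a
    set, so the benign side must exist for every protocol under test.
    """
    mal = {f.protocol for f in flows if f.malicious}
    ben = {f.protocol for f in flows if not f.malicious}
    return sorted(mal - ben)


def _rate(hits, total):
    return hits / total if total else None


def score(flows, verdicts):
    """verdicts maps flow_id -> True when the DUT blocked or alerted on it.

    Returns per-protocol detection and false-positive rates, plus the
    detection rate per evasion variant (malicious flows only).
    """
    by_proto = defaultdict(lambda: {"mal": 0, "mal_hit": 0, "ben": 0, "ben_hit": 0})
    by_evasion = defaultdict(lambda: {"mal": 0, "mal_hit": 0})
    for f in flows:
        blocked = verdicts.get(f.flow_id, False)
        p = by_proto[f.protocol]
        if f.malicious:
            p["mal"] += 1
            p["mal_hit"] += blocked
            e = by_evasion[f.evasion]
            e["mal"] += 1
            e["mal_hit"] += blocked
        else:
            p["ben"] += 1
            p["ben_hit"] += blocked
    return {
        "per_protocol": {
            proto: {
                "detection_rate": _rate(c["mal_hit"], c["mal"]),
                "false_positive_rate": _rate(c["ben_hit"], c["ben"]),
            }
            for proto, c in by_proto.items()
        },
        "per_evasion": {
            ev: _rate(c["mal_hit"], c["mal"]) for ev, c in by_evasion.items()
        },
    }


# Constructed sample run: four HTTP flows and two SMTP flows, each
# protocol carrying both malicious and benign traffic.
SAMPLE_FLOWS = [
    Flow("h1", "http", malicious=True, evasion="none"),
    Flow("h2", "http", malicious=True, evasion="fragmentation"),
    Flow("h3", "http", malicious=False, evasion="none"),
    Flow("h4", "http", malicious=False, evasion="none"),
    Flow("s1", "smtp", malicious=True, evasion="encoding"),
    Flow("s2", "smtp", malicious=False, evasion="none"),
]
# Constructed DUT verdicts: the plain HTTP attack is caught, the fragmented
# one is missed, and one benign HTTP flow is wrongly blocked.
SAMPLE_VERDICTS = {"h1": True, "h2": False, "h3": True, "h4": False,
                   "s1": True, "s2": False}

if __name__ == "__main__":
    print("protocols lacking benign traffic:", unmatched_protocols(SAMPLE_FLOWS))
    print(score(SAMPLE_FLOWS, SAMPLE_VERDICTS))
```

Running `unmatched_protocols` before the test starts is the check that the good and evil sets are comparable; a non-empty result means the benchmark cannot tell discrimination from blanket protocol blocking. The per-evasion breakdown separates "the signature exists" from "the DUT reassembles well enough to apply it".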


________________________________
From: bmwg-bounces@ietf.org [bmwg-bounces@ietf.org] on behalf of Kenneth Green [KGreen@ixiacom.com]
Sent: Monday, October 24, 2011 9:53 PM
To: bmwg@ietf.org
Subject: [bmwg] draft-green-bmwg-seceff-bench-meth-00

Hi Team,

A new Internet Draft has been posted addressing benchmark testing of Security Effectiveness.

http://www.ietf.org/id/draft-green-bmwg-seceff-bench-meth-00.txt

We would like to solicit discussion about the concepts described in this draft and look forward to your comments, questions and suggestions.

Regards,
Kenneth

Kenneth Green
Solution Architect
Ixia