[Caris-attendees] Use case assistance request

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Wed, 21 March 2018 08:56 UTC

From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Wed, 21 Mar 2018 04:55:53 -0400
Message-ID: <CAHbuEH5Akie7bwZjNRL4_VXnJ4doBZUS7uMh2-uSAAVGtAA21w@mail.gmail.com>
To: caris-attendees@iab.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/caris-attendees/Fpcltn0otYZMFyxsrEQJV0VHDyE>

Hello,

Would someone be willing to help detail a use case on detecting
lateral movement in an environment that has already been compromised,
including the methods of detection and remediation used? Ideally, we'd
get examples in different networks leveraging different network
architectures and tools.

This is to assist with a better understanding of the current practices
for monitoring within a network.  It could be used in
https://tools.ietf.org/html/draft-fenter-tls-decryption-00 or a new
draft to inform next steps in determining what the real set of
requirements are for monitoring within enterprise networks.  If there
are detection methods assessing encrypted streams to accomplish the
same (or similar goals), it would be very important to note these as
well to assess the current state and best practices.

We could use this list or I am happy to collect this and other related
information if sent to me directly.

Thank you!

-- 

Best regards,
Kathleen