Re: [mile] PANIC Bar BoF Tonight @ 6:30pm CDT

"Waltermire, David A. (Fed)" <david.waltermire@nist.gov> Mon, 01 May 2017 20:58 UTC

From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: "saag@ietf.org" <saag@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>, "netmod@ietf.org" <netmod@ietf.org>, "sacm@ietf.org" <sacm@ietf.org>, "mile@ietf.org" <mile@ietf.org>, "i2nsf@ietf.org" <i2nsf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/LQl0fVTY5HNKlz_vExtKvR_XW7E>

The Posture Assessment Through Network Information Collection (PANIC) group held an informal bar BoF at IETF 98 to discuss available protocols and data models for assessing the posture of network equipment devices. A description of PANIC is below, and a slide deck is attached describing the group's goals and requirements. We had a productive discussion about the group's scope, and agreed to continue the conversation on a non-working group mailing list. 

The PANIC mailing list is now available for subscribers at this link: https://www.ietf.org/mailman/listinfo/panic.

If you are interested in the effort, please join the mailing list. A scoping draft will be posted to the list in the next week. We look forward to your feedback on it.

Regards,
Dave

PANIC Description:

The IETF SACM work group has been working to standardize the collection of endpoint configuration and other posture information from enterprise endpoints. Collecting this information is critical to support automation of common network security tasks, including asset, software, vulnerability, and configuration management. Thus far, our efforts have focused primarily on standards to collect information in support of asset, software and vulnerability management use cases for classical endpoint devices (e.g., servers, laptops, etc.), and have worked with other IETF members to determine what data would need to be collected, and how that data would be securely communicated across the network. Through such exchanges an organization can know what client endpoints are connected to their network, and if they are vulnerable to attack.

Given the proliferation of attacks against network infrastructure devices, it is clear that the next step in our enterprise security automation effort must be to enable standardized reporting of similar information from network infrastructure devices. With the growing number of YANG models and increased adoption of NETCONF, RESTCONF, and related protocol work, we believe the time is right to work out how these standards can be used to measure the health of network devices. This information will, as in our efforts in SACM for client devices, support asset, software, vulnerability, and configuration management use cases. We hope to use existing management protocols to report this information from network infrastructure devices, supporting multiple use cases using the same set of management protocols. Such a mechanism will help network defenders protect against known attacks, and provide the necessary knowledge to detect and mitigate future attacks.

> -----Original Message-----
> From: Waltermire, David A. (Fed)
> Sent: Wednesday, March 29, 2017 4:42 PM
> To: 'saag@ietf.org' <saag@ietf.org>; 'opsawg@ietf.org' <opsawg@ietf.org>;
> 'netconf@ietf.org' <netconf@ietf.org>; 'netmod@ietf.org'
> <netmod@ietf.org>
> Subject: PANIC Bar BoF Tonight @ 6:30pm CDT
> 
> 
> Just a quick reminder... the Posture Assessment through Network
> Information Collection (PANIC) bar BoF is tonight right after the IETF 98
> Technical and Administrative Plenary at 6:30pm CDT in Vevey 4 at the
> Swissotel Conference Center. We are hoping to start a discussion about how
> to leverage the existing IETF network management protocols to best address
> security automation for network infrastructure devices. We would like your
> ideas on how to best pursue this work, and your insights into network
> infrastructure security problems that will impact our networks in the future.
> We are holding a side meeting at IETF 98 on Wednesday, March 29th at
> 6:30pm CDT to start a discussion about how to move forward on this topic.
> 
> Given the late hour, we will have some light snacks. We hope to see you
> there.
> 
> Regards,
> David Waltermire