Re: [Mud] Using MUD to enforce network traffic policies

"M. Ranganathan" <mranga@gmail.com> Tue, 10 September 2019 14:39 UTC

From: "M. Ranganathan" <mranga@gmail.com>
Date: Tue, 10 Sep 2019 10:38:56 -0400
Message-ID: <CAHiu4JMaQBvJs2Y8P-_xgPU7H4ivr2rjnr4FD5apR_BZGMhukg@mail.gmail.com>
To: Luca Deri <deri@ntop.org>
Cc: Mud@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/mud/Ey98VHWpvIT6_WJPaLIXZfal7Qk>

Hello,

Interesting development.

On Tue, Sep 10, 2019 at 3:09 AM Luca Deri <deri@ntop.org> wrote:

> Hi all,
> I am the developer of an open source network traffic monitoring
> application named ntopng (https://github.com/ntop/ntopng). I have started
> to use MUD to enhance ntopng to planned for MUD enhancements to make it
> suitable not just for IoT devices but also for generic devices as tablets
> and laptops. In my view MUD is a great starting point to create a
> “portable” device network behaviour that could be used in cybersecurity and
> traffic monitoring to spot unexpected traffic flows. I have written a short
> blog post
> https://www.ntop.org/ntopng/using-rfc8520-mud-to-enforce-hosts-traffic-policies-in-ntopng/ that
> explains this in detail and highlights the ongoing developments.
>
> I would be glad to receive some feedback in particular related to MUD
> extensions that are IMHO necessary to make it more general than the
> original idea.
>
>
The following mud-reporter MUD extension could be of interest in your event
reporting mechanism.

https://github.com/iot-onboarding/mud-reporter/tree/master

It would be interesting to get some feedback from you on the applicability
of this extension to your work.



> Regards Luca
>


-- 
M. Ranganathan