[Mud] Using MUD to enforce network traffic policies

Luca Deri <deri@ntop.org> Tue, 10 September 2019 07:09 UTC

From: Luca Deri <deri@ntop.org>
Date: Tue, 10 Sep 2019 09:08:55 +0200
To: Mud@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/mud/zQ2dhP4ioigI7cCILkRay9Es280>
List-Id: Discussion of Manufacturer Ussage Descriptions <mud.ietf.org>

Hi all,
I am the developer of an open source network traffic monitoring application named ntopng (https://github.com/ntop/ntopng). I have started to use MUD to enhance ntopng and have planned for MUD enhancements to make it suitable not just for IoT devices but also for generic devices such as tablets and laptops. In my view MUD is a great starting point to create a “portable” device network behaviour that could be used in cybersecurity and traffic monitoring to spot unexpected traffic flows. I have written a short blog post, https://www.ntop.org/ntopng/using-rfc8520-mud-to-enforce-hosts-traffic-policies-in-ntopng/, that explains this in detail and highlights the ongoing developments.

I would be glad to receive some feedback, in particular related to MUD extensions that are IMHO necessary to make it more general than the original idea.

Regards Luca