Re: [Panic] Scope Draft is Available

Daniel Migault <daniel.migault@ericsson.com> Fri, 19 May 2017 17:30 UTC

From: Daniel Migault <daniel.migault@ericsson.com>
To: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, "Diego R. Lopez" <diego.r.lopez@telefonica.com>
CC: "Panic@ietf.org" <Panic@ietf.org>, "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
Date: Fri, 19 May 2017 17:30:47 +0000
Message-ID: <2DD56D786E600F45AC6BDE7DA4E8A8C118BDBA45@eusaamb107.ericsson.se>
References: <MWHPR09MB14403A4D4118D9D685B31B8DF0E10@MWHPR09MB1440.namprd09.prod.outlook.com> <2c391fc46bca4900875ee3b0514df42b@XCH-ALN-010.cisco.com> <MWHPR09MB14404051B8C07A6F1205B7B2F0E40@MWHPR09MB1440.namprd09.prod.outlook.com> <7ddec0441a2d492f979c27325dfe1fdb@XCH-ALN-010.cisco.com> <MWHPR09MB14406D7D3B3505F6DD476366F0E40@MWHPR09MB1440.namprd09.prod.outlook.com> <D4EE3E29-4B4D-4B64-8328-2755E1E17353@telefonica.com> <MWHPR09MB1440FED81B63AC5103EA7B17F0E50@MWHPR09MB1440.namprd09.prod.outlook.com>
In-Reply-To: <MWHPR09MB1440FED81B63AC5103EA7B17F0E50@MWHPR09MB1440.namprd09.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/panic/dC4JPH0OdotBI2fmNwwZGtPO_qM>

Hi David,

Please find some small comments on the current version.

Section 3
Nits:
s/are currently be considered/are currently considered/

“””
Data Push Functionality:  Network devices will push information to a designated location.
“””
Location is unclear to me. I would rather consider a device with an identity. I also understand it as a one-way relationship, that is, the Network Device pushing information. More specifically, the Posture Server is not expected to push any configuration or information to the devices through this function.

Maybe the following requirement should be placed first in the list as it defines the necessary interactions.
Information Requirements for Network Device Management:

I believe that information also includes the protocols used to interact between the network device and the posture. I typically envision NETCONF/RESTCONF with YANG, or RESTful APIs, as well.

I am also wondering whether:

  *   data storage needs a standard interface with the posture server;
  *   discovery mechanisms may be performed, so that network devices discover their Posture Servers, for example;
  *   do we consider NAT between Posture Servers and Network Devices? I suggest no.

Yours,
Daniel




From: Panic [mailto:panic-bounces@ietf.org] On Behalf Of Waltermire, David A. (Fed)
Sent: Friday, May 19, 2017 10:10 AM
To: Diego R. Lopez <diego.r.lopez@telefonica.com>;
Cc: Panic@ietf.org; Panos Kampanakis (pkampana) <pkampana@cisco.com>;
Subject: Re: [Panic] Scope Draft is Available

Diego, thanks for the edits.

All,
I am going to drop this text into an update of the scope draft. I’ll wait until Monday to work on posting the draft update. Please let me know if any other changes to the draft are desired.

Thanks,
Dave

From: Panic [mailto:panic-bounces@ietf.org] On Behalf Of Diego R. Lopez
Sent: Friday, May 19, 2017 2:23 AM
To: Waltermire, David A. (Fed) <david.waltermire@nist.gov>;
Cc: Panic@ietf.org; Panos Kampanakis (pkampana) <pkampana@cisco.com>;
Subject: Re: [Panic] Scope Draft is Available

Hi,

I agree with David’s proposal, with just a few minor changes with respect to the original text, to make it more general, completely covering the virtual cases (NFV) and eliminating the term “device” to avoid too many equivalences...

Network operators need to know what is connected to their organization's networks so that they can properly manage those network elements. Managing these network endpoints, consisting of physical and virtual network infrastructure, requires access to information pertaining to them, including endpoint identity, the identity of software installed on the element, and the configuration setting values for the installed software. This information can be collected from different classes of elements over different protocols and using different data models. PANIC will identify a standardized solution to collect posture information for network element, and allow that information to be shared with authorized users and elements on the network supporting security automation. PANIC aims to reuse available standards for posture assessment where possible. The PANIC effort will avoid redefining information exchange technologies for use cases that have already been defined.

Be goode,

On 18 May 2017, at 20:01 , Waltermire, David A. (Fed) <david.waltermire@nist.gov<mailto:david.waltermire@nist.gov>> wrote:

Panos, thanks for providing text.

We have participants that are approaching this problem space that are accustomed to using endpoint and network element. How about the following introduction text to draw an equivalence between these terms?

Network operators need to know what is connected to their organization's networks so that they can properly manage those network elements. Managing these network elements, consisting of physical and virtual network infrastructure devices, requires access to information pertaining to these endpoint devices, including device identity, the identity of software installed on the endpoint, and the configuration setting values for the installed software. This information can be collected from different classes of endpoints over different protocols and using different data models. PANIC will identify a standardized solution to collect posture information for network devices, and allow that information to be shared with authorized users and devices on the network supporting security automation. PANIC aims to reuse available standards for posture assessment where possible. The PANIC effort will avoid redefining information exchange technologies for use cases that have already been defined.

Also, I added your text to the security considerations section. I will post this in the -02 revision once we sort out the Introduction.

Thanks,
Dave

-----Original Message-----
From: Panos Kampanakis (pkampana) [mailto:pkampana@cisco.com]
Sent: Thursday, May 18, 2017 12:30 PM
To: Waltermire, David A. (Fed) <david.waltermire@nist.gov<mailto:david.waltermire@nist.gov>>; Panic@ietf.org<mailto:Panic@ietf.org>
Subject: RE: Scope Draft is Available

ACK. Below some proposed text:

For the Security Considerations Section:
  Further discussion here will address the threat introduced to the network
elements by the posture information collection. There should be protections
implemented to prevent the element from being vulnerable to DoS attacks
by frequent polling or pushing of posture data.

For the Introduction Section:
  ...automation. PANIC aims to reuse available standards for posture
assessment where possible. It will avoid redefining info exchange
technologies for use cases that have already been defined.

For the Introduction Section:
  ...manage those
  endpoints. Endpoints / Elements include hardware, software or virtual
network infrastructure devices.
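As an added example (not text from the PANIC scope draft and not code from any participant in this thread), the Python below sketches the kind of protection the proposed security-considerations paragraph calls for: a network element that bounds the posture-collection work it will do, so that neither frequent polling by posture servers nor its own change-triggered pushes can turn into a denial of service. Polls are rate-limited per authenticated posture server identity and globally with token buckets, and pushes are coalesced to one per minimum interval. The class names, parameter values and the constructed traffic scenario are this example's own assumptions, not anything the draft specifies.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class TokenBucket:
    """Token bucket: holds at most `capacity` tokens, refilled at `rate`/second."""
    capacity: float
    rate: float
    tokens: float = field(init=False)
    last: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tokens = self.capacity  # start full so a fresh server may poll at once

    def allow(self, now: float) -> bool:
        """Refill for the elapsed time, then spend one token if one is available."""
        self.tokens = min(self.capacity,
                          self.tokens + max(0.0, now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

    def refund(self) -> None:
        """Give back a token that was spent on a request rejected further down."""
        self.tokens = min(self.capacity, self.tokens + 1.0)


class PostureCollectionGuard:
    """Limits how much posture-collection work a network element will do (assumed design).

    Per-server buckets are keyed by the authenticated posture server identity
    (assumed to come from the transport session), so one aggressive or spoofed
    collector cannot starve the others; a global bucket bounds total work; and
    pushes are spaced at least `min_push_interval` seconds apart.
    """

    def __init__(self, per_server_rate: float, per_server_burst: float,
                 global_rate: float, global_burst: float,
                 min_push_interval: float) -> None:
        self._per_server = (per_server_burst, per_server_rate)
        self._buckets: Dict[str, TokenBucket] = {}
        self._global = TokenBucket(global_burst, global_rate)
        self._min_push_interval = min_push_interval
        self._last_push = float("-inf")
        self.rejections: List[Tuple[float, str, str]] = []  # (time, server, reason)

    def handle_poll(self, server_id: str, now: float) -> bool:
        """Return True if the poll may be served; otherwise record why it was refused."""
        bucket = self._buckets.setdefault(server_id, TokenBucket(*self._per_server))
        if not bucket.allow(now):
            self.rejections.append((now, server_id, "per-server limit"))
            return False
        if not self._global.allow(now):
            bucket.refund()  # do not charge this server for a global shortfall
            self.rejections.append((now, server_id, "global limit"))
            return False
        return True

    def should_push(self, now: float) -> bool:
        """Coalesce change events so that pushes never exceed one per interval."""
        if now - self._last_push < self._min_push_interval:
            return False
        self._last_push = now
        return True


def run_scenario() -> Dict[str, int]:
    """Constructed traffic: one well-behaved collector and one flooding collector.

    'ps-good' polls once a minute for ten minutes; 'ps-flood' then sends 50 polls
    within one second. With a per-server burst of 5 the flood gets at most 5
    answers, and the well-behaved collector is never affected by it.
    """
    guard = PostureCollectionGuard(per_server_rate=1 / 60, per_server_burst=5,
                                   global_rate=1.0, global_burst=20,
                                   min_push_interval=30.0)
    served = {"ps-good": 0, "ps-flood": 0}
    for minute in range(10):                       # ten minutes of normal polling
        if guard.handle_poll("ps-good", minute * 60.0):
            served["ps-good"] += 1
    for i in range(50):                            # flood inside second 600..601
        if guard.handle_poll("ps-flood", 600.0 + i / 50):
            served["ps-flood"] += 1
    if guard.handle_poll("ps-good", 601.0):        # good collector is still served
        served["ps-good"] += 1
    # change events every 5 s for two minutes are coalesced into a push per 30 s
    pushes = sum(guard.should_push(float(t)) for t in range(0, 120, 5))
    return {"good": served["ps-good"], "flood": served["ps-flood"],
            "rejected": len(guard.rejections), "pushes": pushes}


if __name__ == "__main__":
    print(run_scenario())
```

The `rejections` list is the piece a defender would wire to logging: a burst of "per-server limit" entries for one identity is exactly the signal that a collector is misconfigured or being impersonated, and the refund on a global shortfall keeps that signal attributable to the right party.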



-----Original Message-----
From: Waltermire, David A. (Fed) [mailto:david.waltermire@nist.gov]
Sent: Thursday, May 18, 2017 10:59 AM
To: Panos Kampanakis (pkampana) <pkampana@cisco.com<mailto:pkampana@cisco.com>>; Panic@ietf.org<mailto:Panic@ietf.org>
Subject: RE: Scope Draft is Available

Panos,

Thank you for providing feedback on the PANIC scope draft.

Comments are inline below.

-----Original Message-----
From: Panos Kampanakis (pkampana) [mailto:pkampana@cisco.com]
Sent: Thursday, May 18, 2017 10:37 AM
To: Waltermire, David A. (Fed) <david.waltermire@nist.gov<mailto:david.waltermire@nist.gov>>;
Panic@ietf.org<mailto:Panic@ietf.org>
Subject: RE: Scope Draft is Available

Hi David,

The document is clear.

One semantic objection I have is about the use of the word endpoint. I
believe the term is commonly used for user machines (laptops, cells,
tablets) . Network element or element is a little clearer.

I don't have a dog in this fight. I am happy to go either way (e.g., endpoint,
network element) if there is a preference in the group for one term or the
other. I'd like to hear other opinions on this.

A suggestion: The security section could mention the importance of
not introducing security concerns with the posture info collection.
For example a device should not be DoSable by too many polls, or it
should not push often enough that would introduce performance concerns
etc.

I think this is a good idea. Do you have some text in mind to drop in?

I think it will also be beneficial to be explicit about the types of
network elements. In the broad technologies that exist today, these
elements could be hardware, software or virtual (NFV falls in this
category). All of those should be in scope for this work.

All of these are in scope in my view.

Side comment: I would like this standardization effort to try to reuse
data formats and transports wherever possible and not come up with new
posture information descriptions. I think this is a common goal that
SACM has as well.

I share this goal as well. Should we document this in the draft?

Thanks,
Panos

Regards,
Dave

-----Original Message-----
From: Panic [mailto:panic-bounces@ietf.org] On Behalf Of Waltermire,
David A. (Fed)
Sent: Monday, May 15, 2017 11:03 AM
To: Panic@ietf.org<mailto:Panic@ietf.org>
Subject: [Panic] Scope Draft is Available

Welcome to the posture assessment through network information
collection
(PANIC) email list. At the side meeting on March 29th, we started
discussing the problem of how to measure the health of network
devices. We discussed the need to collect posture information from
network devices to support asset, software, vulnerability, and
configuration management use cases. We were asked by the group to
share a more detailed description of the intended scope for the PANIC
effort. The following draft is an attempt to do so:

https://datatracker.ietf.org/doc/draft-waltermire-panic-scope/

We would appreciate review of and comments on this draft. At this
point, we want to know if this scope clearly defines the problem to be
solved.
Please let us know if you have any questions or concerns, or if you
think the scope draft is adequate.

Regards,
David Waltermire

_______________________________________________
Panic mailing list
Panic@ietf.org<mailto:Panic@ietf.org>
https://www.ietf.org/mailman/listinfo/panic


--
"Esta vez no fallaremos, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D
http://people.tid.es/diego.lopez/

e-mail: diego.r.lopez@telefonica.com<mailto:diego.r.lopez@telefonica.com>
Tel:    +34 913 129 041
Mobile: +34 682 051 091
----------------------------------
