Re: [Panic] Scope Draft is Available

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Wed, 28 June 2017 04:14 UTC

Return-Path: <pkampana@cisco.com>
X-Original-To: panic@ietfa.amsl.com
Delivered-To: panic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5C62127867 for <panic@ietfa.amsl.com>; Tue, 27 Jun 2017 21:14:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.522
X-Spam-Level:
X-Spam-Status: No, score=-14.522 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HE02AjpAbZ8u for <panic@ietfa.amsl.com>; Tue, 27 Jun 2017 21:14:03 -0700 (PDT)
Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7185C126B6D for <Panic@ietf.org>; Tue, 27 Jun 2017 21:14:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=61122; q=dns/txt; s=iport; t=1498623243; x=1499832843; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=kU4DDch79UVzob1LbcAk8kFALoG3UvSyBmdv7UPWjd4=; b=PEEpxyEzm6oensTIUbxkfMiatxuM3u6E8UpTB4w39v7pftO5eswe+9xE HnBRo04YvRbEBWMtnD+phe0C0yuYFxdn+Rg4xlkYJJt+HJdYDDx0lW3i+ ra36HO48KqzfGkhSd6ET0KLHssmpgi4HIUbfaWSBQdBqTVQQdtT6CHxkq Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0C/AAAMLFNZ/5tdJa1SAQkZAQEBAQEBA?= =?us-ascii?q?QEBAQEHAQEBAQGCb2ljgQ4Hg2WKGZFoiCqNUIIOAyEBCoI1gzsCGoJpPxgBAgE?= =?us-ascii?q?BAQEBAQFrKIUYAQEBAQMBARgJCkEEBwwEAgEGAhEEAQEhAQYDAgICHwYCCRQJC?= =?us-ascii?q?AIEDgUIE4kxTAMVEJMWnWKCJoc7DYQWAQEBAQEBAQEBAQEBAQEBAQEBAQEBHYM?= =?us-ascii?q?ngTGCG2h5gySCV4FjAQcBCgEzCAgPgl2CYQWJVI1NhxM7Aoc0h04ahESCE1aEc?= =?us-ascii?q?4NuhlOJK4I9iTsBDxA4P0ALdBVJhREcgWZ2AYcJgSOBDQEBAQ?=
X-IronPort-AV: E=Sophos;i="5.40,273,1496102400"; d="scan'208,217";a="445068490"
Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by alln-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Jun 2017 04:14:01 +0000
Received: from XCH-RCD-010.cisco.com (xch-rcd-010.cisco.com [173.37.102.20]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id v5S4E1Hv026853 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 28 Jun 2017 04:14:01 GMT
Received: from xch-aln-010.cisco.com (173.36.7.20) by XCH-RCD-010.cisco.com (173.37.102.20) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 27 Jun 2017 23:14:00 -0500
Received: from xch-aln-010.cisco.com ([173.36.7.20]) by XCH-ALN-010.cisco.com ([173.36.7.20]) with mapi id 15.00.1210.000; Tue, 27 Jun 2017 23:14:00 -0500
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Jessica Fitzgerald-McKay <jmfmckay@gmail.com>, "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
CC: "Panic@ietf.org" <Panic@ietf.org>
Thread-Topic: [Panic] Scope Draft is Available
Thread-Index: AdLNjFoi4UJSdMycRuOkrf0darmESQBj41DwADKpxpAAAE3vkAAGERdgABoV6IAAECSYQAVmDMYAAC9E7wAB7bLiAABD9xnA
Date: Wed, 28 Jun 2017 04:14:00 +0000
Message-ID: <c23ef7b6788e4cedbde32c6ba63ab7f1@XCH-ALN-010.cisco.com>
References: <MWHPR09MB14403A4D4118D9D685B31B8DF0E10@MWHPR09MB1440.namprd09.prod.outlook.com> <2c391fc46bca4900875ee3b0514df42b@XCH-ALN-010.cisco.com> <MWHPR09MB14404051B8C07A6F1205B7B2F0E40@MWHPR09MB1440.namprd09.prod.outlook.com> <7ddec0441a2d492f979c27325dfe1fdb@XCH-ALN-010.cisco.com> <MWHPR09MB14406D7D3B3505F6DD476366F0E40@MWHPR09MB1440.namprd09.prod.outlook.com> <D4EE3E29-4B4D-4B64-8328-2755E1E17353@telefonica.com> <MWHPR09MB1440FED81B63AC5103EA7B17F0E50@MWHPR09MB1440.namprd09.prod.outlook.com> <3c2c18cd-90a5-ed7f-d803-f2906f3d116b@htt-consult.com> <MWHPR09MB1440989ACF09FB9BADB8747EF0C10@MWHPR09MB1440.namprd09.prod.outlook.com> <CAM+R6NUVziQqf_wX_uHoZww2F3WDqHoKNm80EDcst3nu5HkoMA@mail.gmail.com>
In-Reply-To: <CAM+R6NUVziQqf_wX_uHoZww2F3WDqHoKNm80EDcst3nu5HkoMA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.82.242.76]
Content-Type: multipart/alternative; boundary="_000_c23ef7b6788e4cedbde32c6ba63ab7f1XCHALN010ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/panic/hACfxNp7EPGaYkhjXCAvXDQxem4>
Subject: Re: [Panic] Scope Draft is Available
X-BeenThere: panic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Posture Assessment Through Network Information Collection \(panic\)" <panic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/panic>, <mailto:panic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/panic/>
List-Post: <mailto:panic@ietf.org>
List-Help: <mailto:panic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/panic>, <mailto:panic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Jun 2017 04:14:08 -0000

Hi Jess,

The draft is in good shape. It clearly defines the scope of PANIC.

One suggestion for
      PANIC will
      identify a minimal set of information necessary to manage network
      devices and to support network security functions including
      configuration and vulnerability management.
would be to remove the “necessary to manage network devices“ as I think managing the device is out of scope of PANIC. It is mostly collecting (pull or push) the data that represent the posture, vulnerabilities and insecure configs.

As for NETCONF and YANG, I think these are to good candidate protocols and data representations. But I believe there would be other options to collect and potentially represent the data like RESTCONF, OVAL system characteristics, CPE etc. So, I think NETCONF/YANG should be mentioned but not mandated.

Rgs,
Panos


From: Jessica Fitzgerald-McKay [mailto:jmfmckay@gmail.com]
Sent: Monday, June 26, 2017 10:47 AM
To: Waltermire, David A. (Fed) <david.waltermire@nist.gov>;
Cc: Robert Moskowitz <rgm-sec@htt-consult.com>;; Diego R. Lopez <diego.r.lopez@telefonica.com>;; Panic@ietf.org; Panos Kampanakis (pkampana) <pkampana@cisco.com>;
Subject: Re: [Panic] Scope Draft is Available

All,
I have posted an updated draft scope here:  https://datatracker.ietf.org/doc/html/draft-waltermire-panic-scope-02.
I think we have addressed most of the issues brought up on list. I do not feel I adequately addressed making NAT out of scope (per Daniel's request) and would like some help on that.
Bob, to your questions on the relationship between our work and netconf, I think that we could best focus our time on extending YANG to meet the requirements we derive from this scoping statement. So, I stated that explicitly in this draft. I'd like to get feedback from the group on that approach, so please chime in if you like/dislike/love/loathe that idea.
Thanks,
Jess

On Fri, Jun 16, 2017 at 3:11 PM, Waltermire, David A. (Fed) <david.waltermire@nist.gov<mailto:david.waltermire@nist.gov>> wrote:
Hi Bob,

Thanks for asking. We have been working on an update. We hope to post it soon addressing the feedback we have received so far, including addressing the comments from your other email today.

Thanks,
Dave

From: Robert Moskowitz [mailto:rgm-sec@htt-consult.com<mailto:rgm-sec@htt-consult.com>]
Sent: Thursday, June 15, 2017 4:38 PM
To: Waltermire, David A. (Fed) <david.waltermire@nist.gov<mailto:david.waltermire@nist.gov>>; Diego R. Lopez <diego.r.lopez@telefonica.com<mailto:diego.r.lopez@telefonica.com>>

Cc: Panic@ietf.org<mailto:Panic@ietf.org>; Panos Kampanakis (pkampana) <pkampana@cisco.com<mailto:pkampana@cisco.com>>
Subject: Re: [Panic] Scope Draft is Available

David,

Do you have an update to your draft?

I don't see anything past the Apr 11 01.txt draft.

thanks
On 05/19/2017 10:09 AM, Waltermire, David A. (Fed) wrote:
Diego, thanks for the edits.

All,

I am going to drop this text into an update of the scope draft. I’ll wait until Monday to work on posting the draft update. Please let me know if any other changes to the draft are desired.

Thanks,
Dave

From: Panic [mailto:panic-bounces@ietf.org] On Behalf Of Diego R. Lopez
Sent: Friday, May 19, 2017 2:23 AM
To: Waltermire, David A. (Fed) <david.waltermire@nist.gov><mailto:david.waltermire@nist.gov>
Cc: Panic@ietf.org<mailto:Panic@ietf.org>; Panos Kampanakis (pkampana) <pkampana@cisco.com><mailto:pkampana@cisco.com>
Subject: Re: [Panic] Scope Draft is Available

Hi,

I agree with David’s proposal, with just a few minor changes with respect to the original text, to make it more general, completely covering the virtual cases (NFV) and eliminating the term “device” to avoid too many equivalences...

Network operators need to know what is connected to their organization's networks so that they can properly manage those network elements. Managing these network endpoints, consisting of physical and virtual network infrastructure, requires access to information pertaining to them, including endpoint identity, the identity of software installed on the element, and the configuration setting values for the installed software. This information can be collected from different classes of elements over different protocols and using different data models. PANIC will identify a standardized solution to collect posture information for network element, and allow that information to be shared with authorized users and elements on the network supporting security automation. PANIC aims to reuse available standards for posture assessment where possible. The PANIC effort will avoid redefining information exchange technologies for use cases that have already been defined.

Be goode,

On 18 May 2017, at 20:01 , Waltermire, David A. (Fed) <david.waltermire@nist.gov<mailto:david.waltermire@nist.gov>> wrote:

Panos, thanks for providing text.

We have participants that are approaching this problem space that are accustomed to using endpoint and network element. How about the following introduction text to draw an equivalence between these terms?

Network operators need to know what is connected to their organization's networks so that they can properly manage those network elements. Managing these network elements, consisting of physical and virtual network infrastructure devices, requires access to information pertaining to these endpoint devices, including device identity, the identity of software installed on the endpoint, and the configuration setting values for the installed software. This information can be collected from different classes of endpoints over different protocols and using different data models. PANIC will identify a standardized solution to collect posture information for network devices, and allow that information to be shared with authorized users and devices on the network supporting security automation. PANIC aims to reuse available standards for posture assessment where possible. The PANIC effort will avoid redefining information exchange technologies for use cases that have already been defi
ned.

Also, I added your text to the security considerations section. I will post this in the -02 revision once we sort out the Introduction.

Thanks,
Dave


-----Original Message-----
From: Panos Kampanakis (pkampana) [mailto:pkampana@cisco.com]
Sent: Thursday, May 18, 2017 12:30 PM
To: Waltermire, David A. (Fed) <david.waltermire@nist.gov<mailto:david.waltermire@nist.gov>>; Panic@ietf.org<mailto:Panic@ietf.org>
Subject: RE: Scope Draft is Available

ACK. Below some proposed text:

For the Security Considerations Section:
  Further discussion here will address the threat introduced to the network
elements by the posture information collection. There should be protections
implemented to prevent the element from being vulnerable to DoS attacks
by frequent polling or pushing of posture data.

For the Introduction Section:
  ...automation. PANIC aims to reuse available standards for posture
assessment where possible. It will avoid redefining info exchange
technologies for usecases that have already been defined.

For the Introduction Section:
  ...manage those
  endpoints. Endpoints / Elements include hardware, software of virtual
network infrastructure devices.





hardware, software or virtual (NFV fails in this

category)


-----Original Message-----
From: Waltermire, David A. (Fed) [mailto:david.waltermire@nist.gov]
Sent: Thursday, May 18, 2017 10:59 AM
To: Panos Kampanakis (pkampana) <pkampana@cisco.com<mailto:pkampana@cisco.com>>; Panic@ietf.org<mailto:Panic@ietf.org>
Subject: RE: Scope Draft is Available

Panos,

Thank you for providing feedback on the PANIC scope draft.

Comments are inline below.


-----Original Message-----
From: Panos Kampanakis (pkampana) [mailto:pkampana@cisco.com]
Sent: Thursday, May 18, 2017 10:37 AM
To: Waltermire, David A. (Fed) <david.waltermire@nist.gov<mailto:david.waltermire@nist.gov>>;
Panic@ietf.org<mailto:Panic@ietf.org>
Subject: RE: Scope Draft is Available

Hi David,

The document is clear.

One semantic objection I have is about the use of the word endpoint. I
believe the term is commonly used for user machines (laptops, cells,
tablets) . Network element or element is a little clearer.

I don't have a dog in this fight. I am happy to go either way (e.g., endpoint,
network element) if there is a preference in the group for one term or the
other. I'd like to hear other opinions on this.


A susggestion: The security section could mention the importance of
not introducing security concerns with the posture info collection.
For example a device should not be DoSable by too many polls, or it
should not push often enough that would introduce performance concerns
etc.

I think this is a good idea. Do you have some text in mind to drop in?


I think it will also be beneficial to be explicit about the types of
network elements. In the broad technologies that exist today, these
elements could be hardware, software or virtual (NFV fails in this
category). All of those should be in scope for this work.

All of these are in scope in my view.


Side comment: I would like this standardization effort to try to reuse
data formats and transports wherever possible and not come up with new
posture information descriptions. I think this is a common goal that
SACM has as well.

I share this goal as well. Should we document this in the draft?


Thanks,
Panos

Regards,
Dave


-----Original Message-----
From: Panic [mailto:panic-bounces@ietf.org] On Behalf Of Waltermire,
David A. (Fed)
Sent: Monday, May 15, 2017 11:03 AM
To: Panic@ietf.org<mailto:Panic@ietf.org>
Subject: [Panic] Scope Draft is Available

Welcome to the posture assessment through network information
collection
(PANIC) email list. At the side meeting on March 29th, we started
discussing the problem of how to measure the health of network
devices. We discussed the need to collect posture information from
network devices to support asset, software, vulnerability, and
configuration management use cases. We were asked by the group to
share a more detailed description of the intended scope for the PANIC
effort. The follow draft is an attempt to do
so:

https://datatracker.ietf.org/doc/draft-waltermire-panic-scope/

We would appreciate review of and comments on this draft. At this
point, we want to know if the this scope clearly defines the problem to be
solved.

Please let us know if you have any questions or concerns, or if you
think the scope draft is adequate.

Regards,
David Waltermire

_______________________________________________
Panic mailing list
Panic@ietf.org<mailto:Panic@ietf.org>
https://www.ietf.org/mailman/listinfo/panic

_______________________________________________
Panic mailing list
Panic@ietf.org<mailto:Panic@ietf.org>
https://www.ietf.org/mailman/listinfo/panic

--
"Esta vez no fallaremos, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D
http://people.tid.es/diego.lopez/

e-mail: diego.r.lopez@telefonica.com<mailto:diego.r.lopez@telefonica.com>
Tel:    +34 913 129 041
Mobile: +34 682 051 091
----------------------------------


________________________________

Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.

The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.

Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição



_______________________________________________

Panic mailing list

Panic@ietf.org<mailto:Panic@ietf.org>

https://www.ietf.org/mailman/listinfo/panic


_______________________________________________
Panic mailing list
Panic@ietf.org<mailto:Panic@ietf.org>
https://www.ietf.org/mailman/listinfo/panic