Re: [sacm] Components for Vulnerability Assessment

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Tue, 18 April 2017 14:48 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/Pq5LhkUmWElSgzQpx2GJ7JX75LA>

Hello Danny,

the "Assessment Results Repository" and "Endpoint Repository" are two 
different components with different functions. The "Endpoint Repository" 
of course is the provider for the consumer that is the "Assessment 
Results Repository".

Most certainly, both components can be running on the same endpoint or 
be composed in a single service that merges both components. I suppose 
that is what you meant?

For the sake of showcasing how the architecture is working, I would
recommend starting with each SACM component instantiated as a separate
software component, despite the fact that it looks simpler to just add
the "Assessment Result" to the "Endpoint Characterization Records"
retained in an "Endpoint Repository".

Ultimately, people will want to use existing software and 
Asset/Inventory Management Software is a big candidate to provide the 
functions of an "Endpoint Repository". In consequence, I would keep 
these components instantiated separately in the first iteration.

What does the group think?

Best regards,

Henk

On 04/18/2017 04:21 PM, Haynes, Dan wrote:
> Hi Adam,
>
>
>
> I think this is a good list for me, but, should the assessment results
> repository be merged into the endpoint repository?
>
> Thanks,
>
> Danny
>
>
>
> *From:*sacm [mailto:sacm-bounces@ietf.org] *On Behalf Of *Adam Montville
> *Sent:* Tuesday, April 18, 2017 9:04 AM
> *To:* sacm@ietf.org
> *Subject:* [sacm] Components for Vulnerability Assessment
>
>
>
> Hi All:
>
>
>
> We've got a list of components we think we care about for our
> vulnerability assessment scenario (focusing on the narrowest "ideal
> case" through the scenario for the time being).
>
>
>
> These are:
>
>
>
> * Vulnerability Detection Data Repository
>
> * Vulnerability Assessor
>
> * Endpoint Repository
>
> * Collector
>
> * Target Endpoint
>
> * Assessment Results Repository
>
>
>
> For reference, see our wiki [1] and/or the slides from IETF 98 [2]
> and/or the minutes from IETF 98 [3]
>
>
>
> Question to the WG: Is this an appropriate initial list of components?
>
>
>
> Please opine within the next few days (say by end of your day on
> Thursday, wherever you may be), so that we can generate some momentum on
> this effort.
>
>
>
> Kind regards,
>
>
>
> Adam
>
>
>
> [1] https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentScenario
>
> [2] https://www.ietf.org/proceedings/98/slides/slides-98-sacm-vulnerability-scenario-discussion-00.pdf
>
> [3] https://www.ietf.org/proceedings/98/minutes/minutes-98-sacm-00.txt