Re: [sacm] Components for Vulnerability Assessment
Muhammad Nasir Mumtaz Bhutta <mmbhutta@kfu.edu.sa> Wed, 19 April 2017 05:50 UTC
From: Muhammad Nasir Mumtaz Bhutta <mmbhutta@kfu.edu.sa>
To: "Haynes, Dan" <dhaynes@mitre.org>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, Adam Montville <adam.w.montville@gmail.com>, "sacm@ietf.org" <sacm@ietf.org>
Date: Wed, 19 Apr 2017 05:50:08 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/U_AwHJ4KrB0CE9RGxFtEjH9faCw>

Hi everyone,

I have joined this group recently and want to know more about the discussion topic. It looks like some architecture is being discussed in the thread.

From where should I get more information about this so that I can participate and contribute my thoughts as well.

Thanks.

Regards,
===============================================
Muhammad Nasir Mumtaz Bhutta, PhD
Assistant Professor, Information Systems Dept
College of Computer Sciences and Information Technology
King Faisal University
Saudi Arabia
Alahssa 31982
P.O. Box 400
Tel + 966 (013) 589 9207
Fax + 966 (013) 589 9236

-----Original Message-----
From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Haynes, Dan
Sent: Tuesday, April 18, 2017 5:55 PM
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>; Adam Montville <adam.w.montville@gmail.com>; sacm@ietf.org
Subject: Re: [sacm] Components for Vulnerability Assessment

Hi Henk,

The reasoning behind my comment was that in the IETF 98 notes (https://www.ietf.org/proceedings/98/minutes/minutes-98-sacm-00) it says:

---
Per Slide 7:

Q: (Adam Montville): Is the vulnerability assessor talk to the repository or talking directly to the collector?

A: (Jessica Fitzgerald-McKay): I could see an implementer combining the collector and end-point repository into one. If we're treating them as functional components I'm not sure we need to be that specific.

A: (Dave Waltermire): We want this architecture to be de-composable. If we treat the end-point repository as a proxy, we might be making things too complicated. It might be simpler to treat the end-point repository as a data store.

A: (Adam Montville): Agreed.

Q: (Dave Waltermire) Are there any concerns with separating the end-point repository and the collector being the component responsible for collection?

A: <no response>

Comment: (Adam Montville): The "results repository" will now go into the "end-point repository.
---

Given that, I thought there was some consensus around making that change.

Thanks,
Danny

> -----Original Message-----
> From: Henk Birkholz [mailto:henk.birkholz@sit.fraunhofer.de]
> Sent: Tuesday, April 18, 2017 10:49 AM
> To: Haynes, Dan <dhaynes@mitre.org>; Adam Montville <adam.w.montville@gmail.com>; sacm@ietf.org
> Subject: Re: [sacm] Components for Vulnerability Assessment
>
> Hello Danny,
>
> the "Assessment Results Repository" and "Endpoint Repository" are two
> different components with different functions. The "Endpoint Repository"
> of course is the provider for the consumer that is the "Assessment
> Results Repository".
>
> Most certainly, both components can be running on the same endpoint or
> be composed in a single service that merges both components. I suppose
> that is what you meant?
>
> For the sake of show-casing how the architecture is working. I would
> recommend to start with each SACM component instantiated as a separate
> software component. Despite the fact that it looks simpler to just add
> the "Assessment Result" to the "Endpoint Characterization Records"
> retained in an "Endpoint Repository".
>
> Ultimately, people will want to use existing software and
> Asset/Inventory Management Software is a big candidate to provide the
> functions of an "Endpoint Repository". In consequence, I would keep
> these components instantiated separately in the first iteration.
>
> What does the group think?
>
> Viele Grüße,
>
> Henk
>
> On 04/18/2017 04:21 PM, Haynes, Dan wrote:
> > Hi Adam,
> >
> > I think this is a good list for me, but, should the assessment
> > results repository be merged into the endpoint repository?
> >
> > Thanks,
> >
> > Danny
> >
> > *From:*sacm [mailto:sacm-bounces@ietf.org] *On Behalf Of *Adam Montville
> > *Sent:* Tuesday, April 18, 2017 9:04 AM
> > *To:* sacm@ietf.org
> > *Subject:* [sacm] Components for Vulnerability Assessment
> >
> > Hi All:
> >
> > We've got a list of components we think we care about for our
> > vulnerability assessment scenario (focusing on the narrowest "ideal
> > case" through the scenario for the time being.
> >
> > These are:
> >
> > * Vulnerability Detection Data Repository
> > * Vulnerability Assessor
> > * Endpoint Repository
> > * Collector
> > * Target Endpoint
> > * Assessment Results Repository
> >
> > For reference, see our wiki [1] and/or the slides from IETF 98 [2]
> > and/or the minutes from IETF 98 [3]
> >
> > Question to the WG: Is this an appropriate initial list of components?
> >
> > Please opine within the next few days (say by end of your day on
> > Thursday, wherever you may be), so that we can generate some
> > momentum on this effort.
> >
> > Kind regards,
> >
> > Adam
> >
> > [1] https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentScenario
> >
> > [2] https://www.ietf.org/proceedings/98/slides/slides-98-sacm-vulnerability-scenario-discussion-00.pdf
> >
> > [3] https://www.ietf.org/proceedings/98/minutes/minutes-98-sacm-00.txt

_______________________________________________
sacm mailing list
sacm@ietf.org
https://www.ietf.org/mailman/listinfo/sacm