[secdir] [New-work] WG Review: Recharter of Network Endpoint Assessment (nea)

IESG Secretary <iesg-secretary@ietf.org> Tue, 15 September 2009 18:00 UTC

Return-Path: <secdir-bounces@mit.edu>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4E3E63A6A82 for <secdir@core3.amsl.com>; Tue, 15 Sep 2009 11:00:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.299
X-Spam-Level:
X-Spam-Status: No, score=-105.299 tagged_above=-999 required=5 tests=[AWL=1.300, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yMiVDcpcPDrA for <secdir@core3.amsl.com>; Tue, 15 Sep 2009 11:00:29 -0700 (PDT)
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by core3.amsl.com (Postfix) with ESMTP id BCCE03A6842 for <secdir@ietf.org>; Tue, 15 Sep 2009 11:00:28 -0700 (PDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id n8FI1GFm008182 for <secdir@ietf.org>; Tue, 15 Sep 2009 14:01:16 -0400
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id n8FI1DlU008176 for <secdir@PCH.mit.edu>; Tue, 15 Sep 2009 14:01:13 -0400
Received: from mit.edu (M24-004-BARRACUDA-1.MIT.EDU [18.7.7.111]) by pacific-carrier-annex.mit.edu (8.13.6/8.9.2) with ESMTP id n8FI0wZ2010254 for <secdir@mit.edu>; Tue, 15 Sep 2009 14:00:59 -0400 (EDT)
Received: from mail.ietf.org (localhost [127.0.0.1]) by mit.edu (Spam Firewall) with ESMTP id D6CA2258B946 for <secdir@mit.edu>; Tue, 15 Sep 2009 14:00:53 -0400 (EDT)
Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by mit.edu with ESMTP id 6oI7W3sUuS2tDhPi for <secdir@mit.edu>; Tue, 15 Sep 2009 14:00:53 -0400 (EDT)
X-Barracuda-Envelope-From: new-work-bounces@ietf.org
Received-SPF: pass (mit.edu: domain of new-work-bounces@ietf.org designates 64.170.98.32 as permitted sender) receiver=mit.edu; client_ip=64.170.98.32; envelope-from=new-work-bounces@ietf.org;
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2C05B28C183; Tue, 15 Sep 2009 11:00:04 -0700 (PDT)
X-Original-To: new-work@ietf.org
Delivered-To: new-work@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 0) id 81DDB28C15A; Tue, 15 Sep 2009 11:00:01 -0700 (PDT)
From: IESG Secretary <iesg-secretary@ietf.org>
To: new-work@ietf.org
Mime-Version: 1.0
Message-Id: <20090915180001.81DDB28C15A@core3.amsl.com>
Date: Tue, 15 Sep 2009 11:00:01 -0700 (PDT)
X-BeenThere: new-work@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
X-Scanned-By: MIMEDefang 2.42
X-BeenThere: secdir@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: secdir-bounces@mit.edu
Errors-To: secdir-bounces@mit.edu
X-Mailman-Approved-At: Tue, 15 Sep 2009 11:01:30 -0700
Subject: [secdir] [New-work] WG Review: Recharter of Network Endpoint Assessment (nea)
X-BeenThere: secdir@ietf.org
Reply-To: iesg@ietf.org
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Sep 2009 18:00:30 -0000

A modified charter has been submitted for the Network Endpoint Assessment
(nea) working group in the Security Area of the IETF.  The IESG has not
made any determination as yet.  The modified charter is provided below for
informational purposes only.  Please send your comments to the IESG
mailing list (iesg@ietf.org) by Tuesday, September 22, 2009.

Network Endpoint Assessment (nea)
------------------------------------------------------------
Last Modified: 2009-08-24

Additional information is available at tools.ietf.org/wg/nea
Chair(s):

    * Stephen Hanna (shanna@juniper.net)
    * Susan Thomson (sethomso@cisco.com)

Security Area Director(s):

    * Tim Polk (tim.polk@nist.gov)
    * Pasi Eronen (pasi.eronen@nokia.com)

Security Area Advisor:

    * Tim Polk (tim.polk@nist.gov)

Mailing Lists:
General Discussion: nea@ietf.org
To Subscribe: http://www.ietf.org/mailman/listinfo/nea
Archive: http://www.ietf.org/mail-archive/web/nea

Description of Working Group:

Network Endpoint Assessment (NEA) architectures have been implemented
in the industry to assess the "posture" of endpoint devices for the
purposes of monitoring compliance to an organization's posture policy
and optionally restricting access until the endpoint has been updated
to satisfy the posture requirements. An endpoint that does not comply
with posture policy may be vulnerable to a number of known threats 
that may exist on the network. The intent of NEA is to facilitate 
corrective actions to address these known vulnerabilities before a 
host is exposed to potential attack. Note that an endpoint that is 
deemed compliant may still be vulnerable to threats that may exist on 
the network. The network may thus continue to be exposed to such 
threats as well as the range of other threats not addressed by 
maintaining endpoint compliance.

Posture refers to the hardware or software configuration of an endpoint
as it pertains to an organization's security policy. Posture may
include knowledge that software installed to protect the machine (e.g.
patch management software, anti-virus software, host firewall software,
host intrusion protection software or any custom software) is enabled
and up-to-date. An endpoint supporting NEA protocols can be queried for
posture information.

An organization may make a range of policy decisions based on the
posture of an endpoint. NEA is not intended to be prescriptive in this
regard. Supported deployment scenarios will include, but are not
limited to, providing normal access regardless of compliance result
along with any recommendations for remediation ("advisory mode"), as
well as providing restricted access sufficient for remediation purposes
and any essential services until an endpoint is in compliance
("mandatory mode"). Specifying mechanisms for providing restricted
access is outside the scope of the NEA WG.

Since NEA involves many different components from different vendors,
interoperability is important. The NEA working group will
develop standard protocols at the following three  layers in the 
architecture: the Posture Attribute protocol (PA),  the Posture Broker 
protocol (PB), and the Posture Transport protocol (PT). PA and PB will 
be  designed to support a variety of PT protocols. Together,  PA, PB 
and the mandatory to implement PT protocols will allow interoperability 
between an NEA Client from one vendor and an NEA Server from another.

Since there are already several non-standard protocols at these
layers, the NEA working group will consider these existing protocols as
candidates for the standard protocols. A requirements document will be
written and used as a basis for evaluating the candidate protocols. The
working group may decide to standardize one of the candidate protocols,
use one of them as a basis for a new or revised protocol, or decide
that a new protocol is needed.

The NEA Requirements document will include a problem statement,
definition of terms, requirements for the PA and PB protocols, and an
overall security analysis. It will also include generic requirements
for the protocol transporting PA, PB: the Posture Transport protocol
(PT).

The PA (Posture Attribute) protocol consists of posture attributes that
are carried between a particular Posture Collector in a NEA client and
a particular Posture Validator in a NEA Server. The PA protocol is
carried inside the PB protocol. A base set of standard posture
attributes will be specified that are expected to address many common
posture policies. Vendor-specific attributes will also be supported;
vendor-specific attributes will be identified by a private enterprise
number and a vendor assigned value. Vendors are strongly encouraged to
document vendor-specific attributes in an RFC. The NEA WG will
investigate the use of a standard syntax for all attributes.

The PB (Posture Broker) protocol aggregates posture attributes from one
or more Posture Collectors in an NEA client and sends them to the NEA
server for assessment by one or more Posture Validators.

The PT (Posture Transport) protocol carries the PB protocol. The 
expectation is that the PT protocol is a shim protocol that defines an 
encapsulation of PB within an existing standard transport protocol. 
Existing standard transport protocols will be leveraged to the extent 
possible. The NEA WG may specify more than one PT to meet the 
requirements of different deployment scenarios. The NEA WG will specify 
at least one mandatory to implement PT protocol. PT protocol 
specifications must describe any limitations that they impose on PB and 
PA (e.g. half duplex).

One commonly discussed issue with NEA systems is how to handle
compromised endpoints, whose reports of their own posture may not be
accurate. Detecting or handling such endpoints is out of scope of the
NEA WG. Work on PA will focus on attributes useful for assessing
posture of those endpoints reporting accurate information. However, the
protocols developed by the NEA WG must be designed to accommodate
emerging technologies for identifying and dealing with lying endpoints.

Note that NEA is not chartered to develop standard protocols for
remediation. NEA is intended to be used with new or existing tools that
can be used in the absence of NEA. NEA is applicable to computing
enterprise environments, where endpoints accessing the enterprise's
network are owned and/or expected to conform to the policies set forth
by the organization that owns and operates the network. All other
cases are outside the scope of the NEA charter, since we do not know
that NEA would be useful in such cases. NEA applicability and security
considerations will be described in the appropriate NEA documents.

Further work in the NEA WG will be considered via the rechartering
process after the completion of these milestones.


Milestones

Done      At IETF 67, discuss issues with NEA Requirements I-D
Done      Submit first draft of NEA Requirements I-D
Done      At IETF 68, resolve any open issues with requirements I-D
Done      Submit revised NEA requirements I-D
Done      Discuss NEA Requirements I-D
Done      Submit revised NEA requirements I-D
Done      WGLC on NEA requirements I-D
Done      At IETF 69, resolve any remaining issues raised at Last Call
Done      Submit revised NEA requirements I-D
Done      Submit NEA Requirements I-D to the IESG for IETF Last Call as 
           Informational RFC
Done      Submit revised NEA requirements I-D
Done      Proposals for PA and PB due
Done      Review and resolve proposals at IETF 71
Done      Post first WG version of PA and PB
Done      Post second version of PA and PB
Done      Resolve issues at IETF 72
Done      Post third version of PA and PB
Done      WGLC on PA and PB
Done      Resolve WGLC comments at IETF 73
Done      Post fourth version of PA and PB
Done      IETF LC for PA and PB
Done      IESG considers PA and PB for Proposed Standard
Sep 2009  Call for proposals for the PT protocol(s)
Oct 2009  Proposals due
Nov 2009  Review PT protocol proposals at IETF 76
          Decide how to resolve differences and issues
Dec 2009  Post first WG version of PT protocol(s)
Jan 2010  Review and resolve issues
Feb 2010  Post second WG version of PT protocol(s)
Mar 2010  WG Last Call on PT protocol(s)
          Resolve issues from WG Last Call at IETF 77
Apr 2010  Post third WG version of PT protocol(s)
May 2010  Submit PT protocol(s) to IESG
_______________________________________________
New-work mailing list
New-work@ietf.org
https://www.ietf.org/mailman/listinfo/new-work
_______________________________________________
secdir mailing list
secdir@mit.edu
https://mailman.mit.edu/mailman/listinfo/secdir