Download
1 / 12
120 likes | 267 Views
IF-MAP: Open Standards for Coordinating Security. Presentation for SAAG IETF 72, July 31, 2008 Steve Hanna shanna@juniper.net. Server Security. Web Services Security. Identity Management. Server/Service Security. Network Intrusion Detection & Prevention. Network Anti-Virus.
E N D
IF-MAP: Open Standards for Coordinating Security Presentation for SAAG IETF 72, July 31, 2008 Steve Hanna shanna@juniper.net
ServerSecurity Web ServicesSecurity IdentityManagement Server/ServiceSecurity Network IntrusionDetection & Prevention Network Anti-Virus NetworkFirewall VulnerabilityScanners Virtual PrivateNetworks Data LossPrevention NetworkSecurity Host Anti-Virus Host Firewall Host IntrusionDetection & Prevention HostSecurity Information Security Past - Isolation
ServerSecurity Web ServicesSecurity IdentityManagement Server/ServiceSecurity Network IntrusionDetection & Prevention Network Anti-Virus NetworkFirewall VulnerabilityScanners Virtual PrivateNetworks Data LossPrevention NetworkSecurity Host Anti-Virus Host Firewall Host IntrusionDetection & Prevention HostSecurity Information Security Present –Partial Coordination Network AccessControl (NAC)
ServerSecurity Web ServicesSecurity IdentityManagement Server/ServiceSecurity Network IntrusionDetection & Prevention Network Anti-Virus NetworkFirewall VulnerabilityScanners Virtual PrivateNetworks Data LossPrevention NetworkSecurity Host Anti-Virus Host Firewall Host IntrusionDetection & Prevention HostSecurity Information Security Future –Full Coordination NAC withIF-MAP
VPN Basic NAC Architecture Access Requestor (AR) Policy Decision Point (PDP) Policy Enforcement Point (PEP)
VPN Integrating Other Security Systems Access Requestor (AR) Policy Decision Point (PDP) Sensors, Flow Controllers Policy Enforcement Point (PEP) Metadata Access Point (MAP)
Policy Decision Point t IF-M Integrity Measurement Collector Integrity Measurement Verifiers (IMV) Verifiers Collector Verifiers Collectors (IMC) IF-MAP IF-IMC IF-IMV Sensor IF-MAP MetadataAccess Point IF-TNCCS TNC Client (TNCC) TNC Server (TNCS) IF-MAP IF-PTS FlowController Platform Trust IF-T IF-MAP Service (PTS) IF-MAP Network Access Requestor NetworkAccess Authority IF-PEP Policy Enforcement Point (PEP) TSS TPM IF-MAP TNC Architecture PolicyEnforcementPoint Sensors and Flow Controllers MetadataAccessPoint Access Requestor
What is IF-MAP? • Standard Published by Trusted Computing Group • https://www.trustedcomputinggroup.org/groups/network • Standard Requests & Responses • Publish, Search, Subscribe, Poll • Standard Identifiers • device, identity, ip-address, mac-address, access-request • Standard Metadata • device-attribute, event, role, capability, layer2-information • Standard Links (marked with metadata) • access-request-device, access-request-ip, access-request-mac, authenticated-as, authenticated-by, ip-mac • Protocol Binding for SOAP • Ability to define optional vendor-specific extensions
IF-MAP Benefits • More Informed Sensors • Sensors can tune by role and other things • Should reduce false alarms • Policy and Reports in Business Terms • User identity and role vs. IP address • Simpler, easier to manage • Automated Response (if desired) • Faster response = stronger security • Less expense due to automation • Customer Choice and Flexibility • No need to buy all security products from one vendor • Can reuse and integrate existing security systems
Security and PrivacyConsiderations • MAP = Storehouse of Sensitive Data, Critical Nerve Center • MUST • TLS with mutual auth for IF-MAP clients • publisher-id and timestamp to track changes • SHOULD • authorization, DOS protection, anomaly detection, physical and operational security, hardening, etc. • not keep historical data
