[IDS] Prototype report on HCD NAP Binding (12 November 2012)

[IDS] Prototype report on HCD NAP Binding (12 November 2012)

Ira McDonald blueroofmusic at gmail.com
Tue Nov 13 00:46:52 UTC 2012 

Hi,

A PWG member company has prototyped the PWG HCD Health Attributes NAP
Protocol Binding
with the following reported results:


"We did a prototype of NAP on an MFP in 2009-2010. The most recent specs to
which the prototype
was developed were wd-idsattributes10-20100409.pdf and
wd-ids-napsoh10-20100409.pdf.

We tested using 802.1x, not the other protocols. We implemented all of the
mandatory attributes.

We didn't have any user apps or patches installed, there was no PSTN, and
forwarding wasn't supported
in the device, so we didn't test the conditionally mandatory attributes.

We didn't do any of the optional attributes.

It all worked well enough as a demonstration prototype.

However, we did find an issue with HCD_Default_Password_Enabled: which
password (or passwords)
should be checked?

   - If there are multiple administrative logins, should all be checked?
   What if some of them are not
   security-relevant? What if some could be considered security-relevant
   but do not administer any
   of the settings that are covered by the health check?
   - If there are different passwords for different administrative
   protocols (e.g., http,  ssh, ...), should
   all be checked?"


Cheers,
- Ira (PWG Secretary)


Ira McDonald (Musician / Software Architect)
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG IPP WG
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - TCG Embedded Systems Hardcopy SG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music/High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto:blueroofmusic at gmail.com
Winter  579 Park Place  Saline, MI  48176  734-944-0094
Summer  PO Box 221  Grand Marais, MI 49839  906-494-2434
Temporary Cabin *** 2012 only *** 906-494-2523

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ids/attachments/20121112/d85ff714/attachment-0001.html>

More information about the ids mailing list