
Re: [Captive-portals] [Mud] [OPSAWG] putting quarantined IoT devices behind a captive portal

Montgomery, Douglas (Fed) <[email protected]> wrote:
    > Most of the devices I think of as actual IoT devices have no direct
    > UI/shell.  Your only interaction with them after initial
    > “install/configure” is through their cloud web service interface.

That's true for many devices, but not all.
Even light bulbs have output interfaces :-)

    > Having said that I think your model is fine.


    > I would suggest detecting device reboot would be one signal to clear
    > quarantine state.  Since MUD “misbehavior” is mostly instantaneously
    > detectable (1 packet), I am not that concerned that the device might
    > reboot for other reasons and still be infected.

Device reboot probably needs an attestation to be believed.

    > One might keep a counter and a time stamp of quarantine clears and if
    > a device had N MUD violations after quarantine clears in X time,
    > lock it down in quarantine or completely take it off line.

Reasonable, but in the space of quality of implementation, I think.

Michael Richardson <[email protected]>, Sandelman Software Works
 -= IPv6 IoT consulting =-
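
The policy discussed in this thread, as an added sketch that is not part of the original message or of any MUD implementation: quarantine on a single MUD violation, clear only on an attested reboot, and lock the device down after N violations that follow a clear within X seconds. All names are hypothetical, and the attestation result is assumed to come from an external verifier.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    NORMAL = "normal"
    QUARANTINED = "quarantined"
    LOCKED = "locked"


@dataclass
class DeviceQuarantine:
    max_relapses: int   # N: violations after a clear that trigger lock-down
    window: float       # X: seconds over which those violations are counted
    state: State = State.NORMAL
    cleared: bool = False                         # has quarantine ever been cleared?
    relapses: list = field(default_factory=list)  # times of post-clear violations

    def mud_violation(self, now: float) -> State:
        """One packet outside the MUD profile is enough to quarantine."""
        if self.state is State.LOCKED:
            return self.state
        if self.state is State.NORMAL and self.cleared:
            # Violation following a clear: count it inside the sliding window.
            self.relapses = [t for t in self.relapses if now - t <= self.window]
            self.relapses.append(now)
            if len(self.relapses) >= self.max_relapses:
                self.state = State.LOCKED
                return self.state
        self.state = State.QUARANTINED
        return self.state

    def reboot(self, attested: bool) -> State:
        """Clear quarantine only when the reboot is backed by attestation."""
        if self.state is State.QUARANTINED and attested:
            self.state = State.NORMAL
            self.cleared = True
        return self.state


def replay(events, n=2, x=3600.0):
    """Run constructed (time, kind) events and return the state after each."""
    dev = DeviceQuarantine(max_relapses=n, window=x)
    return [dev.mud_violation(now) if kind == "violation"
            else dev.reboot(attested=(kind == "attested-reboot"))
            for now, kind in events]
```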
