Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


TNC Endpoint Security Gains Traction



 By: Paul F. Roberts
2005-05-02
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. TNC Endpoint Security Gains Traction
  2. ' Different Approaches '

Rate This Article:
Poor Best
TNC Endpoint Security Gains Traction
( Page 1 of 2 )

But questions remain over Microsoft's Network Access Protection and Cisco's Network Admission Control.The movement toward a vendor-neutral, open architecture for endpoint security will get some momentum this week when the Trusted Computing Group consortium unveils new specifications for the Trusted Network Connect architecture at the Interop trade show in Las Vegas.

But enterprise IT managers who are waiting for integration between TNC and competing schemes from Microsoft Corp. and Cisco Systems Inc. may need a lot of patience.

At the Interop trade show in Las Vegas this week, Trusted Computing Group will release a document describing the TNC (Trusted Network Connect) client-server architecture and specifications for APIs for client and server plug-ins that support the TNC standard.

TNC members also will demonstrate TNC-compliant products, said Thomas Hardjono, a principal scientist at TNG member VeriSign Inc.

Resource Library:
Third-party software vendors will use the new TNC specification documents to build client and server plug-ins that can collect, transmit and evaluate TNC-compliant client "integrity" data, such as whether a machine that is trying to connect to a TNC-protected network is using updated antivirus software, Hardjono said.

More APIs are needed to support network communications at different layers and to create an interface for the Trusted Computing Groups TPM (Trusted Platform Module) security chip. Integration with the TPM will add an extra dimension to client integrity checks, creating unique IDs for client integrity reports that are impossible to forge, he said.

TCG hopes to have specifications for a TPM client-server interface and for more network transport layers by the end of the summer, bringing the Trusted Network Connect architecture closer to completion and allowing vendors to develop fuller solutions based on TNC, Hardjono said.

But TNC adds more letters to what is already an alphabet soup of competing client security architectures, including Microsofts NAP (Network Access Protection) and Ciscos NAC (Network Admission Control). Plans for tying the architectures together are sketchy, according to interviews with executives.

Read more here about the Trusted Network Connect specification.

The three schemes have similar goals: allowing network administrators to enforce security policies and perform health checks on client machines, such as laptop and desktop computers, before they are allowed to access a network. Client security is a major issue for network security administrators such as Adam Hansen of Sonnenschein Nath & Rosenthal LLP in Chicago.

The law firm already has more laptop than desktop computers and an increasingly mobile workforce, which makes it difficult to monitor critical issues such as operating-system patches and security vulnerabilities, Hansen said. "We have to be able to see you to check on you. We see these mobile workers as a threat when they come back into our network," he said.

However, keeping busy attorneys offline while their system is patched or disinfected can be expensive, Hansen said.

The firm already does quarantining using the Hercules automated vulnerability remediation software from Dallas-based Citadel Security Software Inc. to do limited client security checks, but a solution such as NAC, NAP or TNC would be a more holistic solution, he said.

Next Page: Different approaches to the client security puzzle.





  Reader Comments: TNC Endpoint Security Gains Traction
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Network Security & Hardware Articles          >>> More By Paul F. Roberts
 


x}kw89v2EzّrdK5m[K'G"!m䐔mu _zPqNl BUP(#I"f\:̢d7郿O$wmL9PK Ϡ^=WZj:@a5NzpDwd>J`OS{S  5Ǔ6ޙ1=/SmL}F7\3Ѣmeb ^Pk$ȁ_ ܢ%yH#RpERGB@Te$oQX}؁䛿Q=2tS6B!|D X^P~FD;ǎ5~{N0/Pcw0}Gdh9r4=yͰ [Ƌaz.91rx&Լ;@ *YsDƞ4HC d"LJA`:t,#G^C]ݱ\./RF͌iAw4ԬkSzcG 3G(&$gtjv?ĭ(R If%[aWJ ̋5g?LG`B'lǦ" 'm_j| 5n938"3z3 wjHUo~cnh1 ;E&sؗ#Y֌`F-S4uXUJZ-rpX;ߋWm8eڳG2^oKPVTP]:9~`hiv$ eUS ^_wD_*"0QI)i|/ Z@ WP uN.kzQҏZ-_ kEKXOr ])2,R!t'lni_77^ۧ'77fٚY Jedvb!?ޛ:W۳5mս푳 i?uN=d#t:+?fV'_Z-/z O{uHZz>540Z-$%VM&usJr,Oeo//!}O}fr*GrI/o,oG$cM|Ap6 2Tc]vjGo__ VYK70Sh_?g}=w a4z@L4&:h)5?&1gMab&DJH7Q ۤ%/^(P%!P샚_.[ jF|*T($ٛ"G;z̈_"ʥcp1S{.S4ipq|ZoV͉*]XYujZlE?KsqiH{vІ)WC EhYf7-vIQMm{QkJ jVBM)b(7Z`Lm,5,Ltͬ Y0`贎;mJ{ϧ0gPP? M/6}@˥qn>1 @ Lna 8 V83 4Cuәݰ=Wԇ9[ϩ50C m|&6l d $4)syp;LM)σ-JCˋF0P 2/?6axşP}MrA=S9{ʹiǀxԘGڀ;r%Ea1CDȣ I.B$(ZȻB!Alq [$pXdl++~#y-#!btK%6Os@PG҅3vJX:D;7 K){TKh!+K@fsfh(4{~u}bB+|#'bXr`Y \h+|i)lc ը[6؛cU& MXCtH{23-4a [N@Z4$f.*d٢S9`Ǟ,4ğN'=Ǻd׃ +L+fL(A\_XHaN&=]7m(tsjڰ`DWjm>!4ÃiА4Xy笳Z&5SF`ߑn86̜07ÚL ~Dg虉m>`4fs)wdm˴c7UBgsNPB/W2 \_&VAB5 6d:ɤPlͳrt+[Y3nR>Raj)dj~#J͸^`3h{q#%IAg =e河@tXKnuooEI8Jۥa]hk%T<7Bɶ/^¢xmP2D֑Rkò=2P< Cx EZ҆TSs  X?U.*rM}d29lĪ%VI,Yv(M$7C~0.m^φgXީy>|$=r;6? )8yy4!%2$N?&BXi @Zl&T&fj>Y[*^|W(+ȁUruXkj2익])/_(g76y+CoLu Dm G#|Ӛ#Os'])=D^ClX.~j"yd\8˰De9F3r,yȦ d͞0RJҴg& gziD(e˜,o秚F#埯OQB#؉ 74q`(1Z3l%3u&Z0Xzz|pE% Wlv r)RLZޙ0@ykLv0"4n\1$/Pk .a@C^hCSL@ΧrE\ έ(h[ZpSE abIt?H M!rB3]==1挮~5t!VbL(RTpW`qGϏxWG"MT$h/Op}OiԛųυڀRz7|;C9㑏..V˰ c.Z$ c?`׊_Vk,9+ifaL['ʂX& ,$W 2tXܙ 0>A,Ca&:`BE Ms8-!y@{yλWԴ'*&5b34JmBt)D`&~؇^gm/JRښuZu^ _쥨]hD1(dQ@4@bC_C܏.n<1WϟhėX[ѦWX t^ЛIl CCݛEvz}l~EYdy3is32k-_O澩ÇS˙yrn8z|.Hg\Q|{kD^ >W9.^ٸ y;@<uEUK [0< d&T~#\{YRvVlΠ7`Mmg_0ͮ 2 \+ z7uO`uH7m}-odٞD4|w/͇Εi{ÏU[J:^w9&hWG,YE# !B^7)5Bk;d4)H3zI]a3+"AKվ̂ $"j*M3dn ʺ~фm9ºY PH2&_1ha c{ z H)'4 N9:v\b/;ȖVB R`2"(BS.iDO§,>49S9j67 EGW%'K; z-[N7S+t,#=]/8ʚ=?Nju>!4|㿜Y$ !r!0xc`sAZ~jiԎ8%4 \H"{-~=rr(s[=JT(lOܡMF]kցGS9^))GAGJ脊fye%))eH5NRMLE]OE/ $;kB:\x{ gaM.m2jt.?6D20Y6[ .VMG0_Ӹ\bwND XY+oxt7>CTդ g껰ΫX>Gqbx'~@0E;䈜Z0{~R*ۦNm3ytl=Oݙ bN~ؑq eީӊ0k{R̵jRjs2fG4}BNj=0ف9k֦@t cᮾ S ~U ުn8Gqܚx0u?+dc: M"I^QԼڭUdE)IW=ۋ7R^q+<ctHߴ/lځ{-3(l#{zi8_2{K7Kx=*~C'Lw.z@r@qw6{Zg%QJW=(qM@jjiAr\"~^YZ䑽DXHڃ} FuUmq5OxcZy‡i襶N;ƛ;`!3ȑ#+Ӡ9MH.v 1= l;mݭnM M A;"J [4 2UCnK_:Z1iE0pDa '$\y5 ߊ;bE#Ɠt-ۊ&ZQ|9N83{K4WlZSgלL_lZS|  \(.BӞ Ea_Ͻz2.mE>zQc%F}?^ϗIO 4˼tYÃrDp' Xb lfN}4HTdOHes~zx"5=4 FA ej->;V$ļR',!O?cYO3? ~"D( m0{}!`6';ћ!Fa,O{kD%W\`ytdO76As{YjQȫ71S"fUFiN  -1:q] a7k/erN H !ailkcť`ke_`5_Ҥ [myda(q#9g BO06vp[),;7_jZӖ70HXeEW yI~FʎRؖ3*/Vsyh,dWA.DnYtJɘpLȇ1zoooo?]b}^3%E]l&(-0y^x8LL;/Lm|刜<C柳IɢƘ_f{ ouc[r‹9.YN5 S ԛK44 ti>BmɑvC1 !O8DmA8 ֳǠ}!~x6!" ]jo/#kGsrƋ4mRaV{*an7l`}H" HDCQ(B]$ 5nYCFud* 2Wp= J4K)x[2XLG0hOѓf}v 3skyO#{"[E> 6s>IzQpA/j7;4~~~~~bჯ]`'1tqIJ3dG.S63L Bu!P,^߻F #GR*-`+YA1v2z"_\?~բzo&*g2+z+))\|~`bwC`j<" T ^ҾHe$]:>*5CՀ,q-*q93PtJ$!-Ah)]qoƗ/FD91\ܼ>NϘ U^%U>E~},!kl]y)V?lx)6nk2e_r|=aɄIތecjS[3ŇaNr6ԴpRƊ @]d),$Kdg&;E ~]"R:DN<[,%_Udva;hOn>i-nb1DKb@/]j }LT<|́+T+rlW4w=u̒2.NdãEzpV xu`Y+ Z&ƘKjxߤZ)ԔՒ|Rӊ,w)]dDo-yWsƌ7FSj9椷 G]!DxXtCHU) &u0Z`nh1]9h񬦘!Vy <7L8Vy ۓ6vn&)m'hzBRKo^;C'ܬDIdB f߭ګ<'<)ڢ R_ݱ&>]ĢQNdqZƒM)RӰp-|ri?NRUzB9|IfjRcX()r Pc[.oؑZCr\Pa'ܨ.1~>-,b'c0?17`^*j9y[9i-`/ǐ9<LtxZډbLkR91 G+1w[ w5k Q= #Ep{wi/)1~J+k6G&p<%iѩ H[5ATJ{3EJMh>#Ծ7=ǎ#^tau{ι\`{"Nh ͬ-)J%!V\Hc0 ":;M[f9l6a?Dsnjqt)HDr-lZqaHn#E..ڰkbD )m3FwG#SOc+SPuv<1_+@JLB8̲jNT\OpY=XCE3 c _^ĭbQ'ruY_D@_tKgZ't Mx37+ SxrC7)ʕE-%=ہhpa3l@1"s?"I:Nu~^PԓFGe)׀g"xBW7˽}D['鍀Cxhb#3FZP0\Ǎm3CsAڷv߾顇U Cy|P_uit9aT0>Ԥ <8$EuE)^)4[Y» k&(?,p E {GLƙ;fQs @b~H-*vqY@y+LL͂`Aa~L­!Rjs# h_X48`YXej xpƧxm tH ɖàzP8Y|obyLgA~\b @Ԑ08nB<䱤Pl <'צ5H릧u;1u_F`p3W .TJ> Mj E>gٕa)豢G _coSwV7Xz+i+* 9I͑;^)^y@| LBz،\;1C39ސ&9iIIstI{g} \MG٩;'Us5L<G_ me |Q);KFYyfvʌPNGcͅfU,xE^/J>M`\͞?NbD(/* F^MÀecZjݴ{=5Zq-ƫx]b12;ZTmzfx9j0c=W܄qP ">^sФo%u?C@/7P~ (By794h3Ot},>2#\_~5;;\(u2UF9{ϽPy}Ȁ]2c|. /e|e}/>/3K D(?A2/2+ ..n~fk 3޿23(_3*>e )~P~U{mF$)cf5qvJ$kdK " SV9,2kP(Xi7Zeu\~ y/>{'sg+i\WKI0ntEճKT3cn%:@ba/! c|U$X2M*;#(78%Y}M#htoĶ.b!Iy=0?$Mu{1پWߕ\~UnE+tVq&R2#s"q6G#a@A0=FUys"X5½p'oeybnAR-}#}~L(/(G.v8)n7wpK|*SG0%nsOkr>uS"[~|^Y;yx߇ oBgv=j{4qa C/ja<}e\ 76ǛN3{xuC7W͋uC=gz}yPW4MdBgpXc$+"7<R9Kq`FPKt-ӯ.1"q`j@L ;JCU=T*[)WJr=DDݣ(BUN-U˅Z0X\^9Q(Fuo*K0fy=q̐ga1V1;BDO"׏ ѱ7)F]We",d 'ݢȗጽNۯXC R1 1@e^*q0*z6d%Q&\ʠaCao/XbKZ;c`\;=4gjY }dy0\9Kh]V=ȾwF=Ck6%x-7:\AQs 0 hJ/.ӡGx1#KQ,Vk2 50=_u–'"F;B.:N7/ɱwؼ!B0BkNX0( 8[]^Nȇ~j+<8^k$ " n+QVLZDA1tx&QgULM̸_av)]'2 /.|J 1-XԱhkоxA I4[HN,'c@诿J`Xkt JV7BFČr\r'O^h r!n Aflk8ӕc+whoO^!MveF&^1jxoBo.;4mF[2ݔ-{DBlvKLL\'PxUE0P$=Cf KǣxƠC)e hD0n9wsYD:۫DEPޙik./;v4R*4$NS]O?5o'[nI 5E`0v4aehDSL/Tvy* *>% /)i?wKu_InvGD g>6'كl2=p6g!(Fْ[0Fu:h/Asl2q#o[ +"ۂ K-Ӵ>u¥"UXJMX,8. kti9Qh~0r"#<[_-\cf)+ot%(5x2{nΆOVek[$v/-'vJ^S.u 7tleb @J\u D7#D*@}X^c 0У,*059 q얢U.nDl`aA0n,ـ&@6v)E=b농\ ШpSTUD's^k'gymE]E>*9Ѝ5ϰ|3'5ȱ ya1 g{y6W=?5zl5F9anm,eH&}+qd. " $8jVI{{a0&iE-㨤t`C v_ʉ~ph;?҈>A wVǰYF!&ۅ7O80Ux|-h\}{M_;9LgѸ:"?X";]2*玅A-Z12Mo,gkV"K깘#gy= `5>gvC%{݄6y8 ]Ll&j1Bi6e1}t1yLX+0_kAsLeU|tCGYEL`&;]+N%t&ж?f8CfƲ 7cP.X-'B@S .x CG,$?ˋ}P byx ŧ$NS?|T+ K+ Sq|h/]7,{՗ΚG<|Xyx8~']f(FRqO\||8(>^tob344OpxՒŠҜ%!toZ4!ջnZɊxY޿`(XE Ch⍿#014ߛiVA$摝7yE1um*V8vᷮ g۲M* d.%rR⊫+EiQm*' Cfan%nǝl| n%96L]_[ PYo&