OpenSEA Charts Open-Standards Approach to Securing the Edge

Seven security companies team up to create an open standard to get edge devices such as laptops and printers chirping to each other in the wireless world, a scenario that will also form the glue for NAC.

Seven security companies have teamed up to hammer out an open standard to get edge devices—such as laptops and printers—chirping to each other in the wireless world.

The group, called the OpenSEA (Open Security Edge Access) Alliance, says that the open-source standards to build secure networking technologies are lacking on the client side.

"Why this is important is to ensure the ability of organizations to roll out secure networks, whether they're wireless networks or wired networks," said Roy Chua, Identity Engines vice president of product marketing and management and a founder of the new alliance, in an interview with eWEEK. "802.1x is critical to that. It's a standard embedded in network technology today. In switches, in wireless access points, it's there. It's lacking on the client side. Essentially what's been missing is a way for clients to universally have a way of getting on the network regardless of what desktop platform you have: Linux, Macintosh, Windows, [etc.]."

The founding members—Aruba Networks, Extreme Networks, Identity Engines, Infoblox, Symantec, TippingPoint and Trapeze Networks—announced on March 14 the formation of the alliance, which will be a group dedicated to the development, promotion and distribution of an open-source 802.1x supplicant. Also in the mix is JANET/UKERNA, a network/governing body dedicated to education and research in the United Kingdom.

Chua described the group as being dedicated to improving the security of organizations with regard to securing access to the edge.

"One [thing] we view as [being] important to securing access to the edge is to take upon ourselves a project we believe will improve deployment of the standard, 802.1x, which describes how wireless networks and wired networks describe themselves to the network," he said.

It gets better, though. Paul Sangster, a board member of the OpenSEA Alliance and Symantec's chief security standards officer and distinguished engineer, said in an interview that NAC (Network Access Control) is a whole other area that connects into the 802.1x architecture and protocols and allows for some "very powerful things" in addition to authenticating a user.

"For instance, you can inspect the contents of a system joining the network and decide whether it's free of viruses and is running a company-approved firewall with company-approved policy so there's a likelihood it hasn't been infected before joining the network," he said.

The initial project, focused on the 802.1x supplicant, will be built on existing open-source supplicants, which are found on SourceForge today. The alliance will put its energies into evolving that supplicant into an enterprise-strength solution, Sangster said, including making it more manageable and user-friendly.

The supplicant will be another piece in the puzzle of NAC, a security platform now in its nascent stage that will not only authenticate users before they log into a network, but will also run a health check on the system attempting to log in, quarantining any device it finds lacking with regard to company policies, up-to-date anti-virus signatures or other security shortfalls.

"From a user perspective, I think what we'll be seeing if this takes off is a model like Firefox," Chua said. "We hope this will be the Firefox of supplicants, where you have this supplicant on every desktop. If users come onto a wireless network or a wired network, they'll be prompted for access. With regard to how you're trying to get on the network, you'll be asked to authenticate yourself. Along with authentication to the network, you may choose to … query the health of the system. That's all possible in a much more secure, identifiable way."

For network operators it also means the ability to ensure that as users come in, based on who they are and what rights they have, they'll be put on specific parts of the network where they have particular rights of access.

On the user side, this could mean different types of access. Some users may get a higher quality of service because they paid for it, for example. College faculty could get higher QOS to get their research projects done. Students prowling the Web to download music may get a lower QOS.

Wikipedia describes 802.1x as an IEEE standard for port-based Network Access Control that provides authentication to devices attached to a LAN port, establishing a point-to-point connection or preventing access from that port if authentication fails. Some wireless access points use 802.1x. The standard is also available on certain network switches and can be configured to authenticate hosts that are equipped with supplicant software, denying unauthorized access to the network at the data link layer.

Essentially, the standard, which has been around for a long time, describes to a wireless network how an end device works.

The OpenSEA Alliance said in a statement that Jon Oltsik, an analyst at Enterprise Strategy Group, spearheaded the formation of the alliance to provide open-source networking and security alternatives to speed up technology adoption and bolster network security.

"In a network-connected world challenged by ever-growing sophisticated security threats, open source solutions provide an avenue for standards-based implementation and rapid technology adoption," Oltsik said in the statement. "In this way, I believe that open source efforts like the OpenSEA Alliance can lead to security and privacy advances that benefit society at large as well as individual organizations and users."

The alliance says its first priority is to develop a robust, cross-platform open-source 802.1x supplicant that mimics Firefox in its high reliability, wide distribution and easy availability.

The group also plans to churn out open-source networking and security technologies. Its doors are open to technology vendors, academic institutions, industry standards groups and individual developers who want to join the group and work on its projects.

Group members will be talking about the alliance and 802.1x supplicant at Interop in Las Vegas May 20 to May 25.