Trusted Network Connect (TNC)



Similar documents
Network Access Control (NAC) and Network Security Standards

ARCHITECT S GUIDE: Comply to Connect Using TNC Technology

TNC: Open Standards for Network Security Automation. Copyright 2010 Trusted Computing Group

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is

Security Orchestration with IF-MAP

Active Network Defense: Real time Network Situational Awareness and a Single Source of Integrated, Comprehensive Network Knowledge

ARCHITECT S GUIDE: Mobile Security Using TNC Technology

Security Coordination with IF-MAP

Orchestrated Security Network. Automated, Event Driven Network Security. Ralph Wanders Consulting Systems Engineer

Trusted Network Connect (TNC)

SOFTWARE ASSET MANAGEMENT Continuous Monitoring. September 16, 2013

NETWORK ACCESS CONTROL

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Did you know your security solution can help with PCI compliance too?

The self-defending network a resilient network. By Steen Pedersen Ementor, Denmark

Readiness Assessments: Vital to Secure Mobility

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Deploying Firewalls Throughout Your Organization

Start building a trusted environment now... (before it s too late) IT Decision Makers

SANS Top 20 Critical Controls for Effective Cyber Defense

This chapter covers the following topics: Network admission control overview NAC Framework benefits NAC Framework components Operational overview

Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities

Building A Secure Microsoft Exchange Continuity Appliance

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Policy Management: The Avenda Approach To An Essential Network Service

Best Practices for Outdoor Wireless Security

BlackRidge Technology Transport Access Control: Overview

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

Network Access Control (NAC)

Sygate Secure Enterprise and Alcatel

ForeScout CounterACT. Continuous Monitoring and Mitigation

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

How To Protect Your Network From Attack From A Network Security Threat

Cisco Security Optimization Service

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking

McAfee Security Architectures for the Public Sector

Internet Content Provider Safeguards Customer Networks and Services

Payment Card Industry Data Security Standard

Microsoft Windows Server System White Paper

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

Proven LANDesk Solutions

MaaS360 Mobile Service

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

INSERT COMPANY LOGO HERE

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

Cisco Advanced Services for Network Security

Reducing the cost and complexity of endpoint management

How To Secure Your Store Data With Fortinet

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Trust: When Physical and Logical Security Worlds Collide

Analyzing HTTP/HTTPS Traffic Logs

Leveraging Trusted Network Connect for Secure Connection of Mobile Devices to Corporate Networks

IBM Endpoint Manager Product Introduction and Overview

Driving Company Security is Challenging. Centralized Management Makes it Simple.

Network & Information Security Policy

Cloud Based Secure Web Gateway

Extending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper

DATA SECURITY 1/12. Copyright Nokia Corporation All rights reserved. Ver. 1.0

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Symphony Plus Cyber security for the power and water industries

Section 12 MUST BE COMPLETED BY: 4/22

IBM Endpoint Manager for Core Protection

Why Migrate to the Cisco Unified Wireless Network?

On and off premises technologies Which is best for you?

Securing Unified Communications for Healthcare

Why Switch from IPSec to SSL VPN. And Four Steps to Ease Transition

Unified Threat Management, Managed Security, and the Cloud Services Model

Concierge SIEM Reporting Overview

Intro to Firewalls. Summary

The SIEM Evaluator s Guide

Network Access Control ProCurve and Microsoft NAP Integration

Cybersecurity: An Innovative Approach to Advanced Persistent Threats

Strengthen security with intelligent identity and access management

Cyber Security Services: Data Loss Prevention Monitoring Overview

Attaining HIPAA Compliance with Retina Vulnerability Assessment Technology

PCI Solution for Retail: Addressing Compliance and Security Best Practices

Network Access Control in Virtual Environments. Technical Note

Defending Against Data Beaches: Internal Controls for Cybersecurity

» WHITE PAPER X and NAC: Best Practices for Effective Network Access Control.

Achieving PCI-Compliance through Cyberoam

Emerging Trends in the Network Security Market in India, CY 2013

Transcription:

Trusted Network Connect (TNC) Open Standards for Integrity-based Network Access Control and Coordinated Network Security April 2011 Trusted Computing Group 3855 SW 153rd Drive, Beaverton, OR 97006 Tel (503) 619-0562 Fax (503) 644-6708 admin@trustedcomputinggroup.org www.trustedcomputinggroup.org

Trusted Network Connect (TNC) - Open Standards for Integrity-based Network Access Control and Coordinated Network Security Evolving Cyber Threats Pose Growing Problems Recently we have seen cyberthreats evolving from being passive requiring users actions for transmission, to stealthier tactics that would infect entire network without any user involvement. Threats are now taking on a new dimension as they become more targeted, distributed and sophisticated causing maximum damage to the sphere where it matters most. The IT landscape is also changing as networks converge, services move to cloud, and endpoints become more mobile. Thinning network boundaries, vulnerabilities in unpatched software running in corporate computers, jail broken cell phones and tablets with malicious unverified apps allow code altering root kits and worm infections to infiltrate devices and gain access to confidential data. The resulting theft or modification of proprietary data by professional attackers cracker hobbyists, organized criminals or corporate spies costs billions, ruins businesses and wreaks havoc on identity theft victims. Fortunately, Trusted Network Connect (TNC) technology offers a range of network security and coordinated security solutions today that can protect networks from these threats and attacks proactively and on the fly. Six reasons why TNC makes sense for today s enterprise network: 1) Open, interoperable, standardsbased network security solution. 2) Visibility of all users and devices on network, their behavior and security state, for coordinated security. 3) Count on the added security of trusted hardware. 4) Choose which hardware or software vendor works best for your situation. 5) Save money as you gain control of decisions on security design components. 6) Wide industry support (100+ TCG member companies). TNC Proactively Secures Systems and Keeps Information Safe The Trusted Network Connect (TNC) working group of the Trusted Computing Group (TCG) has created an open, standards-based architecture for endpoint authentication, platform integrity measurement and integrating security systems. The TNC architecture inspects endpoints (network clients and servers) for compliance with security policies before allowing them on the protected network. This ensures that all endpoints are equipped to defend against attacks from rogue systems or compromised devices. Information sharing between network security systems is standardized for better decision making so your business and data are constantly well protected. TNC Offers Open Architecture and Standards for All Platforms By defining an open architecture with standard interfaces, TNC ensures that components from different vendors work together smoothly and securely. An artist with a Macintosh, an accountant with Windows, a UNIX server, an executive with a tablet, and a salesman with a smartphone are all properly checked and verified before gaining network access. Major vendors have announced their support for TNC and more are coming. Strong interoperability and platform support allow customers to maintain vendor choice, leverage installed equipment, and ensure security across their installed base. Copyright 2004 2011 Trusted Computing Group Page 2

TNC Simplifies and Strengthens Network Security TNC Builds on Established Standards TNC builds on established standards such as EAP, TLS and SOAP. This allows it to support a variety of networking technologies: 802.1X (wired or wireless), IPsec or SSL VPNs, conventional LANs, and even dialup. Adoption costs are minimal. Customers can often reuse existing equipment, avoiding the need to sacrifice interoperability or freedom of choice, and still improve their security. TPMs Make Endpoint Software Spoof-proof TNC includes optional support for trusted hardware: the Trusted Platform Module (TPM). This hardware, a single computer chip embedded at the PC board level, serves as the root-of-trust for subsequent machine activities. For instance, the TPM can be used to verify exactly what software is running on an endpoint during a TNC handshake. The TPM or other trusted hardware simplifies the detection of kernel rootkits, which modify the operating system to hide themselves from security software. TPM and TNC work hand-in-hand to form the industry s strongest available endpoint integrity solution. Future-proof Your Network Pervasive computing is driving the need for smart devices that securely interconnect without users needing to do anything. But adding security to devices can be a daunting job for developers, especially if they lack expertise in cryptography, key management and secure coding practices. TNC s open standard helps vendors more easily establish a common interoperable endpoint integrity model for all nodes on the network. Today nearly 100 vendors are preparing and offering TCG-compliant products. Starting now, networks of the future will build in security benefits and administrative efficiencies to servers, routers, switches, devices, applications, and Web services. Who Benefits by Using Trusted Network Connect Products?. Enterprises reduce system compromises, downtime and data loss by ensuring all endpoints on the network comply with security policies IT departments benefit because network devices, endpoint hosts and corporate applications can interact smoothly, allowing efficient and effective security management. Users and customers can still use their favorite devices and platforms, virus scanning software, or security appliance. Vendors reduce cost and complexity by supporting one set of standards instead of many proprietary interfaces. Copyright 2004 2011 Trusted Computing Group Page 3

TNC Checks Security Policy Compliance During Network Access Control Figure1. Network Connection with Integrity Protection Figure 1 illustrates how TNC extends a traditional network access control check, adding a verification of endpoint security policy compliance. In this example, a user with a laptop computer (the Access Requestor) is trying to connect to a protected network. The network is guarded by a Policy Enforcement Point (PEP), which consults a Policy Decision Point (PDP) to determine whether or not the endpoint meets the criteria for full connectivity. This is typical of today s networks, but here the Access Requestor and PDP both contain additional software components which are shown above. The Access Requestor contains a TNC client and plug-in components (Integrity Measurement Collectors, IMCs) that collect integrity measurements from antivirus and other security packages. The PDP contains a TNC server and plug-in components (Integrity Measurement Verifiers, IMVs) that verify these integrity measurements against security policies. During authentication and authorization stage of network access, the following steps are performed: 1. TNC-server on PDP initiates integrity check 2. a. TNC-client collects integrity measurements from IMCs b. TNC-client passes integrity measurements to TNC-Server through PEP 3. TNC-server passes integrity measurements to IMVs, which compare them against security policies and provide access recommendations to TNC-server. 4. TNC-server makes final access decision, sends access decision to PEP and Access Requestor If the integrity check succeeds, the PEP places the Access Requestor on the protected network. If the integrity check fails, the PEP places the Access Requestor in a quarantine environment for remediation. Copyright 2004 2011 Trusted Computing Group Page 4

TNC Integrate multiple security devices for coordinated network security Figure2. Coordinated Network Security Figure 2 illustrates how TNC allows sharing of information among devices to take coordinated and intelligent decisions The TNC architecture lets you integrate Sensors and Flow Controllers like Intrusion Detection Systems, Leakage Detection Systems, switches and so on with each other and with your NAC system using Metadata Access Point (MAP). MAP is a database that stores information about who s on your network, what device they re using, what their behavior is, and all sorts of other information. It s a central database for sharing information between different security systems. TNC uses a single standard SOAP based protocol called IF-MAP for publishing data to the MAP and querying or subscribing to get data from it. So all the security systems can share information with each other using the standard IF-MAP protocol and take intelligent decisions providing unprecedented security. For instance post admission following step are possible 1. IDS detect attack from IP x.x.x.x 2. IDS publishes the IP x.x.x.x to MAP server with appropriate information to raise security event 3. MAP server notifies the PDP that earlier authenticated and authorized user from IP x.x.x.x 4. PDP instructs switch (PEP) to block access from IP x.x.x.x immediately Copyright 2004 2011 Trusted Computing Group Page 5

The TNC Architecture with the Trusted Platform Module (TPM) Figure3. The TNC Architecture Figure 3 illustrates the components of the TNC architecture, including the optional Trusted Platform Module (TPM) and Metadata Access Point (MAP). The dotted lines are standard interfaces (protocols and APIs). A quick description of this architecture will show the flexibility of the architecture. The components on the left comprise the Endpoint or Access Requester (AR). IF-PTS is a standard interface for the TPM-related components. IF-IMC allows security software vendors to develop plug-ins to support their endpoint software (anti-virus, personal firewall, etc.). The Policy Enforcement Point (PEP) guards access to the Protected Network. It passes messages (IF-M and IF- TNCCS) over a transport protocol like EAP-FAST (IF-T). The Policy Decision Point (PDP) makes network access decisions (such as allow, deny, quarantine) based on integrity of the endpoints. It uses IF-IMV to communicate with plug-in policy evaluators and IF-PEP to instruct the PEP when to grant network access. The Metadata Access Point (MAP) has a complete view of the network with PDP, sensors and flow controllers publishing information to it. The same devices can take intelligent decisions by subscribing or querying interesting information from MAP. This is achieved through the IF-MAP protocol. The TCG has published specifications for the above mentioned interfaces. Products implementing the TNC interfaces have been available for more than five years. Copyright 2004 2011 Trusted Computing Group Page 6

TNC Architecture Provides Conclusive Advantages By integrating the trusted hardware of the TPM into a network access control framework and sharing information across security systems using MAP, the TNC architecture provides unprecedented security. The TPM enables detection of any unauthorized software including kernel rootkits, platform authentication, protected storage, and other substantial benefits. In addition to this strong security, the TNC s open interfaces allow components such as flow controllers and sensors from different vendors to be integrated into a single whole. These advantages are driving rapid adoption of the TNC architecture and standards among vendors and customers. Learn More about TCG and TNC More information on the Trusted Computing Group and the TNC, including membership details and the organization s specifications, is available at http://www.trustedcomputinggroup.org Copyright 2004 2011 Trusted Computing Group Page 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information