Blog of Trust » TNC

Report from TNC PlugFest

Ken Y-N — Thu, 02 Dec 2010 16:58:20 +0000

Lisa Lorenzin from Juniper Networks posted to the official Trusted Computing Group blog regarding the recent TNC PlugFest focusing on TNC IF-MAP Binding for SOAP. I’ve heard about these bi-annual events before, and they do seem like a lot of hard work but fun! It mentions that Open Source projects also participated, but it didn’t note that qualifying Open Source projects can, subject to various not-too-onerous restrictions, get certified for free.

Steve Hanna on military-grade network attacks in India

Ken Y-N — Fri, 08 Oct 2010 16:39:12 +0000

CyberMedia India Online recently published an interesting interview with Steve Hanna of Juniper Networks (he’s co-chair of the Trusted Network Connect working group, not the whole TCG as noted in the article!) on cyber attacks in India.

India is an interesting case as they are being attacked by foreign governments, or at least groups funded by them, so the need for military-grade defences is present not just for governmental concerns, but business too, which is where the Trusted Platform Module and related techniques come in. As Steve Hanna says:

So we need to have military-grade defense even in commercial places. Otherwise the APT [Advanced Persistent Threats] can creep into organizations and infect the systems. And generally it is very difficult to disinfect the machines later.

TNC and SCAP Triumfantly wed

Ken Y-N — Sat, 02 Oct 2010 14:24:50 +0000

I’m a bit baffled by exactly what the benefit is regarding the recent announcement by Triumfant that they have worked with Juniper Networks to integrate TNC into SCAP. I’ve read the article twice and followed all the links, but I’m sadly not much the wiser! Perhaps this is the key:

It may sound elemental, but implementing TNC implies that an organization must have some common minimum security criteria to apply, which surprisingly is not always the case. This is where the integration with SCAP was so natural, as SCAP provides a standard set of criteria that is well defined and readily applicable to the TNC process.

I think it means that SCAP defines a collection of TNC rules (or a collection of TNC rules define a SCAP level), and Triumfant provide policies that describe the SCAP criteria, and their systems ensure that the policies are always enforced.

Why IF-MAP v2.0 is important

Ken Y-N — Sat, 02 Oct 2010 14:06:45 +0000

There’s been an update to the Trusted Network Connect workgroup’s IF-MAP (Interface for Metadata Access Points) protocol to add a new notify feature, according to a post on the official Trusted Computing Group blog.

Some of the things being done with the specification are integrating network authentication with physical presence, tracking IT assets, and integrating legacy SCADA systems into the corporate network.

The Trusted Multi-Tenant Infrastructure Work Group

Ken Y-N — Mon, 27 Sep 2010 15:42:30 +0000

Sorry I’m a bit slow with the news, but the Trusted Computing Group’s Trusted Multi-Tenant Infrastructure Work Group (that’s longhand for Cloud Security, basically) has now publically launched!

The TCG has also published a white paper on Cloud Computing and Security – A Natural Match, that discusses why you want a TPM in the cloud, and there has also been an extension to the IF-MAP protocol for Trusted Network Connect to support the Trusted Multi-Tenant Infrastructure Work Group.

IF-Map is Facebook for endpoint devices

Ken Y-N — Sun, 01 Aug 2010 15:51:03 +0000

An interesting article on the Trusted Computing Group’s (TCG) Infrastructure-Metadata Access Point (IF-MAP) specification has the curious quote that I have used as the title for this article:

"IF-Map is Facebook for endpoint devices," said Matt Webster, product management director at Lumeta and cochair of TCG’s Trusted Network Connect (TNC) workgroup, which developed the IF-MAP specification.

I’m not really sure how well that analogy works for me – if IF-MAP is Facebook, then what is Farmville? – but regardless, the rest of the article is a good read.

TNC certification program announced

Ken Y-N — Fri, 30 Apr 2010 16:42:11 +0000

The official Trusted Computing Group blog recently announced that the certification program for Trusted Network Connect is now up and running. The first products to get certified are two devices from Juniper Networks and the TNC@FHH open source implementation of the TNC protocol. I think it’s great from not just a purely technical viewpoint that an open source implementation has been certified, but it’s also an important PR plus point for the TCG to show that Trusted Computing and Open Source are not mutually incompatible concepts.

Please read the original article for the full story.

TNC’s latest plugfest report

Ken Y-N — Wed, 21 Apr 2010 16:20:34 +0000

The Trusted Computing Group’s Trusted Network Connect working group held their fifth annual plugfest, where fourteen TNC implementations were tested over three days to see how well they played together. Read the linked full report on the TCG web site to see how they all got on.

NAC, virtualisation and cloud security

Ken Y-N — Wed, 14 Apr 2010 15:57:20 +0000

Network World recently published an article by Andreas M. Antonopoulos looking at how security works (or doesn’t) in the cloud.

The basis will be NAC, Network Access Control, as:

With NAC you have endpoints (laptops, smartphones, desktops, printers) connecting to switches ad-hoc and in a transient fashion. Security must be coordinated between the stuff that runs on the endpoint (antivirus, policies and so on) and the stuff that needs to run in the network (firewalls, intrusion detection/prevention) while applying policies dynamically as each endpoint "arrives on the scene".

His NAC solution of choice is that from the Trusted Computing Group’s Trusted Network Connect architecture, which he reckons is a good fit for virtualisation and The Cloud in general.

Video: Steve Hanna at Interop Mumbai 2009

Ken Y-N — Fri, 26 Mar 2010 17:19:00 +0000

I seem to be coming across a lot of video recently, so here is Steve Hanna doing a keynote at Interop Mumbai 2009 on Coordinated Security: A New Paradigm. I got the link from Fix Internet Problems, but I’ll directly inline the five-part YouTube videos into the post.