TCG NAC resources, and why I blog pseudo-anonymously

Posted by Ken Y-N on November 25th, 2008 at 01:48pm

Network World recently published a story mentioning the presence of the TCG resources page that I have covered recently, but two tangential parts of the article caught my eye:

"While TPM has been shipped in thousands and thousands of PCs"

Make that millions and millions!

Then, there was the reason that I don’t mention who I work for on the blog. Having said that, it’s not terribly hard to discover the answer, but at least it makes it clear (I hope) that I’m blogging under my own steam, not as a representative of my employer:

"A recent blog post by Lisa Lorenzin, a member of the Trusted Computing Group who works for Juniper Networks, says that legitimate objections to TPM exist. One she details is that the sheer number of dlls, drivers and services that load on machines when they boot up, makes TPM unwieldy."

Perhaps I’m reading too much into this statement, which is a misrepresentation (or at least a misinterpretation) of her post to the official TCG blog, where she said that the Trusted Network Connect cannot easily report the state of the operating system in detail due to the multitude of DLLs or drivers within a system, although there are other standards to address this.

My thinking is that one solution may be a trusted hypervisor that can monitor the state of the operating system and produce a report. The Mobile Phone Working Group (MPWG) has an alternative solution based on certificates that may also provide a solution; however, a mobile device has a very different configuration to that of a general purpose computer.

However, I can agree with their conclusion:

"Developers should take a look at this resource page to see whether it can shake loose ideas on how to make TPM practicable as a way to secure endpoint enforcement of NAC. If made more secure, it would help remove a major objection to endpoint NAC enforcement."
