TNC one element of protecting the network
Posted by Ken Y-N on October 8th, 2009 at 03:01pm
Processor magazine recently published an interesting editorial on Protecting the Network, which described many of the common methods, but also had a section on the Trusted Computing Group’s IF-MAP protocol.
"Intruders look for holes," says Rob Enderle, principal analyst at Enderle Group. "The most common are the gaps between physical and electronic security tools. If both the physical and the electronic methods have to agree, then simple intrusions (use of an employee password or ID card) become vastly more difficult. Come up-to-speed on TCG’s IF-MAP and use it, or something similar, to close this gap."
I’ve seen a demonstration of linking the physical security of swiping an ID card to access to a network by the computer assigned to that card owner, so a machine left on overnight cannot be abused if the owner has gone home. This can be fine-tuned even more, so that wireless networks in higher-security zones can only be accessed by people who are actually present and have sufficient clearance, or even it can just stop people mucking with your computer when you go to the toilet and forget to lock it!
However, at the end of the article there is also a quote from Blake McConnell, at Symantec who says:
Also be sure to implement strong passwords and change them every 45 to 60 days to make it more difficult for intruders to access your data.
Yuck, this is the best way to irritate your users and overload your support desk! One promise of the Trusted Computing Group is to get rid of passwords, or at least remove the burden of having to maintain many passwords, and it is initiatives like Wave Systems’ TPM-based OpenID management system that take us along the path to that goal.
Leave a Comment for TNC one element of protecting the network