Copyright© 2005-2006 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.
Copyright© Trusted Computing Group - Other names and brands are properties of their respective owners.
Slide #1: Tightening the Network: Network Access Control Deployment and Applications
Paul Sangster, Co-Chair TNC Working Group, Distinguished Engineer, Symantec Corporation

Slide #2: Agenda
Problem Space
Network Access Control
Trusted Network Connect
– Architecture
– Participants
– Usage example
– Integration with security hardware

Slide #3: Malware Infecting Network
Malware includes: viruses, worms, spyware, adware, …
Detection and prevention are difficult
– Good security protections are available (AV, firewalls, …)
– Malware constantly evolves, so security protection must evolve with it
– Challenging to keep up to date
– Many security protections are not in use
Spread of malware carries serious cost
– IT costs, reputation, downtime, lost productivity, …
Many network entry points for malware
– Carried on mobile devices
– Embedded in other objects

Slide #4: Identity-based Network Access
Today, access to the network is restricted by identity
Identity is established via re-usable credentials (passwords)
Malware on the system can steal those credentials
No check of system integrity before access is granted
– Use of malware protection, firewalls, proper patches
– Presence of malware
→ Result: even authorized people introduce malware to the network

Slide #5: Need Automated Checking
Automated integrity compliance checks
– Before the endpoint is given access to the network
– While it is present on the network
– Remediation support for non-compliant endpoints
Multi-vendor ecosystem
Centralized management
Integrated with existing identity-based controls
– Allow certain individuals/roles more flexibility
→ This is the role of Network Access Control (NAC)

Slide #6: General Model
NAC software on the endpoint device
– Collects integrity information about the state of the system
  Includes: vendor, version, patch level, configuration, …
– Reports on the requested state of the system
– Optionally leverages security hardware (TPM)
Central compliance decision point
– Requests integrity information (policy driven)
– Compares integrity information to the compliance policy
– Decides on the network access level
  Notifies the network infrastructure of the level of access granted
– May request remediation

Slide #7: Trusted Network Connect (TNC)
Working group within the Trusted Computing Group (TCG)
– Creating open, multi-vendor NAC standards
Open NAC architecture
– Documented API and protocol interfaces
Open NAC standards
– Free download from the TCG web site

Slide #8: Basic TNC Architecture (diagram)

Slide #9: TNC Standards (diagram; key: APIs, Network Protocols, Future)

Slide #10: Example TNC Policy
Endpoint MUST have …
– Up-to-date OS and application patches
– IT-defined password policy settings
– Anti-virus enabled and up to date
If not,
– Quarantine and remediate
Except guests,
– Who just get Internet access
Policy applied from central PDPs

Slide #11: Example Flows (diagram)
Components: Patch Level IMC / Patch Level IMV, Anti-Virus IMC / Anti-Virus IMV, NAR (Network Access Requestor), PEP (Policy Enforcement Point), NAA (Network Access Authority), TNCC (TNC Client), TNCS (TNC Server)
Flow: the endpoint reports Password Policy Settings, Patch Level, AntiVirus Version and Definition File Date → QUARANTINE → REMEDIATION → the endpoint re-reports Antivirus Version and Definition File Date
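The decision logic sketched in slides 6, 10 and 11 (IMC reports in, one IMV per report type compared against a central policy, and a quarantine-with-remediation or guest Internet-only decision out) as an added Go example. This is not code from the presentation or from any TNC implementation: the report fields, thresholds, remediation strings and the "guest" role string are this example's own assumptions, and no TNC wire protocol is modelled.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// EndpointReport holds what the IMCs on the endpoint report to the TNC server.
// Field names and units are assumptions of this example, not a TNC encoding.
type EndpointReport struct {
	Role            string        // from the identity layer: "employee" or "guest"
	PatchLevel      int           // highest patch bundle applied
	AVEnabled       bool          // anti-virus running
	AVVersion       int           // anti-virus engine version
	AVDefinitionAge time.Duration // age of the anti-virus definition file
	MinPasswordLen  int           // local password policy: minimum length
	PasswordMaxAge  time.Duration // local password policy: maximum age
}

// Policy is the compliance policy held centrally at the PDP.
type Policy struct {
	RequiredPatchLevel int
	RequiredAVVersion  int
	MaxDefinitionAge   time.Duration
	MinPasswordLen     int
	MaxPasswordAge     time.Duration
}

// Action is the access level the PDP tells the PEP to enforce.
type Action int

const (
	Allow        Action = iota // full network access
	Quarantine                 // remediation network only
	InternetOnly               // guests: Internet, no internal resources
)

func (a Action) String() string { return [...]string{"ALLOW", "QUARANTINE", "INTERNET-ONLY"}[a] }

// Decision is the PDP result plus the remediation the endpoint must perform.
type Decision struct {
	Action      Action
	Remediation []string
}

// IMV is one integrity measurement verifier: it inspects the part of the
// report it owns and returns the remediation steps needed; nil means compliant.
type IMV func(r EndpointReport, p Policy) []string

func patchLevelIMV(r EndpointReport, p Policy) []string {
	if r.PatchLevel < p.RequiredPatchLevel {
		return []string{fmt.Sprintf("install patch bundle %d (endpoint has %d)", p.RequiredPatchLevel, r.PatchLevel)}
	}
	return nil
}

func antiVirusIMV(r EndpointReport, p Policy) []string {
	var steps []string
	if !r.AVEnabled {
		steps = append(steps, "enable anti-virus")
	}
	if r.AVVersion < p.RequiredAVVersion {
		steps = append(steps, fmt.Sprintf("upgrade anti-virus engine to version %d", p.RequiredAVVersion))
	}
	if r.AVDefinitionAge > p.MaxDefinitionAge {
		steps = append(steps, fmt.Sprintf("update definition file (older than %s)", p.MaxDefinitionAge))
	}
	return steps
}

func passwordPolicyIMV(r EndpointReport, p Policy) []string {
	var steps []string
	if r.MinPasswordLen < p.MinPasswordLen {
		steps = append(steps, fmt.Sprintf("set minimum password length to %d", p.MinPasswordLen))
	}
	if r.PasswordMaxAge > p.MaxPasswordAge {
		steps = append(steps, fmt.Sprintf("set maximum password age to %s", p.MaxPasswordAge))
	}
	return steps
}

// DefaultIMVs mirrors the verifiers in the slide's example flow.
var DefaultIMVs = []IMV{patchLevelIMV, antiVirusIMV, passwordPolicyIMV}

// ExamplePolicy uses constructed values, not any real organisation's policy.
var ExamplePolicy = Policy{RequiredPatchLevel: 12, RequiredAVVersion: 5,
	MaxDefinitionAge: 72 * time.Hour, MinPasswordLen: 12, MaxPasswordAge: 90 * 24 * time.Hour}

// Decide plays the TNC server / PDP: identity fixes the role first (guests are
// not integrity-checked and never get past the Internet), then every IMV is
// consulted and any remediation at all means quarantine.
func Decide(r EndpointReport, p Policy, imvs []IMV) Decision {
	if r.Role == "guest" {
		return Decision{Action: InternetOnly}
	}
	var remediation []string
	for _, verify := range imvs {
		remediation = append(remediation, verify(r, p)...)
	}
	if len(remediation) > 0 {
		return Decision{Action: Quarantine, Remediation: remediation}
	}
	return Decision{Action: Allow}
}

func main() {
	stale := EndpointReport{Role: "employee", PatchLevel: 11, AVEnabled: true, AVVersion: 5,
		AVDefinitionAge: 10 * 24 * time.Hour, MinPasswordLen: 12, PasswordMaxAge: 60 * 24 * time.Hour}
	d := Decide(stale, ExamplePolicy, DefaultIMVs)
	fmt.Printf("%s\n  %s\n", d.Action, strings.Join(d.Remediation, "\n  "))
	stale.PatchLevel, stale.AVDefinitionAge = 12, time.Hour // after remediation the endpoint re-reports
	fmt.Println(Decide(stale, ExamplePolicy, DefaultIMVs).Action)
}
```

The second Decide call in main is the re-report after remediation from slide 11. Note that this PDP trusts whatever the IMCs say about the endpoint; that is exactly the gap slide 13 raises, and it is why the TPM-backed report on slide 14 exists.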

Slide #12: TNC Ecosystem – August 2006 (diagram)

Slide #13: Protecting the TNC Client
How can the PDP be sure the TNC client is accurately reporting its state?
The TNC client needs protection from malware
– Malware could trick the client into reporting incorrect information
– Malware could act as a measurement collector (IMC)
→ Answer: base security on hardware-rooted security mechanisms isolated from malware

Slide #14: TPM as Root for TNC Security
Trusted Platform Module (TPM)
– Hardware security module found on 10M+ systems
– Includes cryptography engines (RSA, SHA-1) and key storage
– Non-resettable registers (PCRs)
  Store aggregated fingerprints of software/configurations
– Creates a digital signature of the register contents as the basis for a report
Platform Trust Service (PTS)
– TCG-specified software capable of creating an Integrity Report
– An Integrity Report can include:
  A signed manifest of the software running on the system
  A TPM-signed set of registers corresponding to the manifest details
The TNC Client can leverage PTS to report on its own integrity and on other software running on the system
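The mechanism slide 14 describes, as an added Go example that is not code from the presentation or from any TCG PTS implementation: a PCR-style extend of SHA-1 fingerprints, a manifest, a signature over the register bound to a verifier nonce, and the PDP-side checks that make an edited manifest or a replayed report fail. The quote layout and the label in quoteDigest, the in-memory RSA attestation key, and the component names and bytes are assumptions of this example; a real TPM signs its own quote structure with a key that never leaves the chip. SHA-1 is used because that is the hash the slide's TPM generation offers; it is collision-broken, and a current design would use a SHA-256 register.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"fmt"
)

// Measurement is one manifest entry: a component name and the SHA-1 of its
// code, taken by the measuring agent before the component was loaded.
type Measurement struct {
	Name   string
	Digest [20]byte
}

// Digest hashes a component the way the slide's TPM generation measures (SHA-1).
func Digest(code []byte) [20]byte { return sha1.Sum(code) }

// Extend models a PCR update: PCR = SHA-1(PCR || digest). A PCR can only be
// extended, never written, so a later load cannot erase an earlier one.
func Extend(pcr, digest [20]byte) [20]byte {
	return sha1.Sum(append(pcr[:], digest[:]...))
}

// PCRFromManifest replays a manifest through Extend from the reset value (all zeros).
func PCRFromManifest(m []Measurement) [20]byte {
	var pcr [20]byte
	for _, e := range m {
		pcr = Extend(pcr, e.Digest)
	}
	return pcr
}

// IntegrityReport is the PTS-style report: the manifest, the register it should
// reproduce, and the TPM's signature binding that register to the verifier's nonce.
type IntegrityReport struct {
	Manifest  []Measurement
	PCR       [20]byte
	Nonce     []byte
	Signature []byte
}

// quoteDigest is what the attestation key signs; the label is this example's own choice.
func quoteDigest(pcr [20]byte, nonce []byte) []byte {
	d := sha1.Sum(append(append([]byte("TNC-PCR-QUOTE"), pcr[:]...), nonce...))
	return d[:]
}

// GenerateAIK makes the attestation identity key. On real hardware the private
// half never leaves the TPM; here it is an in-memory RSA key (assumption).
func GenerateAIK() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Platform simulates an endpoint with a TPM-backed PTS.
type Platform struct {
	aik      *rsa.PrivateKey
	manifest []Measurement
	pcr      [20]byte
}

func NewPlatform(aik *rsa.PrivateKey) *Platform { return &Platform{aik: aik} }

// Load measures a component into the manifest and the PCR before it runs.
func (p *Platform) Load(name string, code []byte) {
	d := Digest(code)
	p.manifest = append(p.manifest, Measurement{Name: name, Digest: d})
	p.pcr = Extend(p.pcr, d)
}

// Report produces the signed integrity report for the verifier's nonce.
func (p *Platform) Report(nonce []byte) (IntegrityReport, error) {
	sig, err := rsa.SignPKCS1v15(rand.Reader, p.aik, crypto.SHA1, quoteDigest(p.pcr, nonce))
	if err != nil {
		return IntegrityReport{}, err
	}
	return IntegrityReport{Manifest: append([]Measurement(nil), p.manifest...),
		PCR: p.pcr, Nonce: nonce, Signature: sig}, nil
}

// Verify is the PDP side: freshness, then the hardware signature, then the
// manifest must reproduce the quoted PCR, then every entry must be a known-good build.
func Verify(r IntegrityReport, aik *rsa.PublicKey, nonce []byte, knownGood map[string][20]byte) error {
	if !bytes.Equal(r.Nonce, nonce) {
		return fmt.Errorf("nonce mismatch: report is not fresh")
	}
	if err := rsa.VerifyPKCS1v15(aik, crypto.SHA1, quoteDigest(r.PCR, r.Nonce), r.Signature); err != nil {
		return fmt.Errorf("quote signature invalid: %w", err)
	}
	if PCRFromManifest(r.Manifest) != r.PCR {
		return fmt.Errorf("manifest does not reproduce the quoted PCR: manifest was edited")
	}
	for _, m := range r.Manifest {
		if want, ok := knownGood[m.Name]; !ok || want != m.Digest {
			return fmt.Errorf("component %q is not a known-good build", m.Name)
		}
	}
	return nil
}

func main() {
	aik, _ := GenerateAIK()
	client, av := []byte("tnc client 1.0"), []byte("av imc 1.0") // constructed stand-ins for binaries
	known := map[string][20]byte{"tnc-client": Digest(client), "av-imc": Digest(av)}
	nonce := []byte("nonce-0001")
	p := NewPlatform(aik)
	p.Load("tnc-client", client)
	p.Load("av-imc", av)
	p.Load("rootkit", []byte("not on the list"))
	r, _ := p.Report(nonce)
	fmt.Println("full report:", Verify(r, &aik.PublicKey, nonce, known))
	r.Manifest = r.Manifest[:2] // malware tries to hide itself from the manifest
	fmt.Println("edited manifest:", Verify(r, &aik.PublicKey, nonce, known))
}
```

The order of checks in Verify matters: the signature is checked before the manifest is trusted at all, and the manifest is only consulted once it is known to reproduce a register the hardware vouched for. Malware that controls the TNC client can rewrite the manifest, but it cannot un-extend the PCR or sign a new quote, which is the isolation slide 13 asks for.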

Slide #15: For More Information
TCG Web Site
TNC Web Site

Slide #16: Questions?