Network Access Control for Education

Slides:



Advertisements
Similar presentations
1Copyright © 2010, Printer Working Group. All rights reserved. PWG Plenary TCG Activity Summary December 2010 Irvine, CA – PWG Meeting Ira McDonald (High.
Advertisements

1Copyright © 2010, Printer Working Group. All rights reserved. PWG Plenary and IDS WG TCG Activity Summary August 2010 Bagsvaerd, Denmark – PWG Meeting.
1Copyright © 2010, Printer Working Group. All rights reserved. PWG Plenary TCG Activity Summary 10 June 2010 Rochester, NY – PWG F2F Meeting Ira McDonald.
1Copyright © 2010, Printer Working Group. All rights reserved. PWG Plenary TCG Activity Summary 7 April 2010 Camas, WA – PWG F2F Meeting Ira McDonald (High.
1Copyright © 2011, Printer Working Group. All rights reserved. PWG Plenary TCG Activity Summary May 2011 Webster, NY – PWG Meeting Ira McDonald (High North.
Selecting the Right Network Access Protection (NAP) Architecture Infrastructure Planning and Design Published: June 2008 Updated: November 2011.
5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.
Network Security In Education A Balancing Act Doug Klein CTO Vernier Networks, Inc.
TCG Confidential Copyright© 2005 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 TNC EAP IETF EAP.
Copyright© 2004 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Putting Trust into the Network: Securing.
A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.
Providing 802.1X Enforcement For Network Access Protection Mudit Goel Development Manager Windows Enterprise Networking Microsoft Corporation.
Copyright© Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.
Interop Labs Network Access Control Interop Las Vegas 2006 Karen O’Donoghue.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
Group Presentation Design and Implementation of a company- wide networking & communication technologies strategy 9 th December 2003 Prepared By: …………
WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, /30/2009.
Information Security in Real Business
Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S
Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.
© 2003, Cisco Systems, Inc. All rights reserved _07_2003_Richardson_c11 Security Strategy Update Self Defending Network Initiative Network Admission.
Copyright© Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Trusted Network Connect: Open.
Kaspersky Open Space Security: Release 2 World-class security solution for your business.
CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,
Module 16: Software Maintenance Using Windows Server Update Services.
©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone Endpoint Security Current portfolio and looking forward October 2010.
Chapter 6 Configuring, Monitoring & Troubleshooting IPsec
SACM Architecture Based on TNC Standards Lisa Lorenzin & Atul Shah.
Clinic Security and Policy Enforcement in Windows Server 2008.
RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco Environments.
1 Network Admission Control to WLAN at WIT Presented by: Aidan McGrath B.Sc. M.A.
Copyright © 2005 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Open Standards for Network Access Control Trusted Network Connect.
1 Week #7 Network Access Protection Overview of Network Access Protection How NAP Works Configuring NAP Monitoring and Troubleshooting NAP.
Selecting the Right Network Access Protection Architecture
Copyright © 2008 Juniper Networks, Inc. 1 Network Access Control and Beyond By Steve Hanna, Distinguished Engineer, Juniper Co-Chair, Trusted.
MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.
Surviving in a hostile world  The myth of fortress applications  Tomas Olovsson CTO, Appgate Professor at Goteborg University, Sweden.
Trusted Computing BY: Sam Ranjbari Billy J. Garcia.
Microsoft Active Directory(AD) A presentation by Robert, Jasmine, Val and Scott IMT546 December 11, 2004.
Copyright© Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Trusted Network Connect Briefing.
70-411: Administering Windows Server 2012
Implementing Network Access Protection
Solutions for BDMHS  JF&C is a highly qualified company that performs a wide variety if technical services in the Chicago land area to business, government.
Module 9: Configuring IPsec. Module Overview Overview of IPsec Configuring Connection Security Rules Configuring IPsec NAP Enforcement.
Module 7 Planning Server and Network Security. Module Overview Overview of Defense-in-Depth Planning for Windows Firewall with Advanced Security Planning.
Module 8: Configuring Network Access Protection
Module 9: Designing Network Access Protection. Scenarios for Implementing NAP Verifying the health of: Roaming laptops Desktop computers Visiting laptops.
1 IF-MAP: Open Standards for Coordinating Security Presentation for SAAG IETF 72, July 31, 2008 Steve Hanna
Welcome Windows Server 2008 安全功能 -NAP. Network Access Protection in Windows Server 2008.
Extending ISA/IAG beyond the limit. AGAT Security suite - introduction AGAT Security suite is a set of unique components that allow extending ISA / IAG.
Configuring Network Access Protection
Enabling Secure Always-On Connectivity [Name] Microsoft Corporation.
NAC-NAP Interoperability
Agency Introduction to DDM Dell Desktop Manager (DDM) Implementation.
© 2008 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED,
May 25 – June 15, Technical Overview Bruce Cowper IT Pro Advisor Microsoft Canada Damir Bersinic IT Pro Advisor Microsoft.
Be Microsoft’s first and best customer Enabling world-class and predictable customer, client, and partner experience Protecting Microsoft’s physical and.
Copyright © 2008 Juniper Networks, Inc. 1 Juniper Networks Access Control Solutions Delivering Comprehensive and Manageable Network Access Control Solutions.
Managing Network Access Protection. Introduction to NAP Issues  Although corporate networks are highly secured, no control over the configuration of.
JUNOS PULSE Junos PULSE for Windows Junos PULSE Mobile Security Suite.
Continuous Assessment Protocols for SACM draft-hanna-sacm-assessment-protocols-00.txt November 5, 20121IETF 85 - SACM Meeting.
Copyright © 2009 Trusted Computing Group An Introduction to Federated TNC Josh Howlett, JANET(UK) 11 June, 2009.
D-Link Wireless AP with NAP 802.1x solution
Chapter 7. Identifying Assets and Activities to Be Protected
Firewall Issues Research Group GGF-15 Oct Boston, Ma Leon Gommans - University of Amsterdam Inder Monga - Nortel Networks.
Implementing Network Access Protection
Introduction to Cisco Identity Services Engine (ISE)
draft-fitzgeraldmckay-sacm-endpointcompliance-00
Trusted Network Connect: Open Standards for NAC
SVTRAININGS. SVTRAININGS Features of SCCM  Application management  Provides a set of tools and resources that can help you create, manage, deploy, and.
Presentation transcript:

Network Access Control for Education By Steve Hanna, Distinguished Engineer, Juniper Co-Chair, Trusted Network Connect WG, TCG Co-Chair, Network Endpoint Assessment WG, IETF

Implications of Expanded Network Usage As Access Increases Mission-critical network assets Mobile and remote devices transmitting the LAN perimeter Broader variety of network endpoints Faculty, staff, parent, and/or student access Critical data at risk Perimeter security ineffective Endpoint infections may proliferate Network control can be lost Network Security Decreases

Network Access Control Solutions Control Access to critical resources to entire network Based on User identity and role Endpoint identity and health Other factors With Remediation Management Features Consistent Access Controls Reduced Downtime Healthier endpoints Fewer outbreaks Safe Remote Access Safe Access for Faculty, Staff Students, Parents Guests Devices Benefits Network access control must be a key component of every network!

What is Trusted Network Connect (TNC)? Open Architecture for Network Access Control Suite of Standards to Ensure Interoperability Work Group in Trusted Computing Group (TCG)

Security Infrastructure TCG: The Big Picture Desktops & Notebooks Applications Software Stack Operating Systems Web Services Authentication Data Protection Printers & Hardcopy Security Infrastructure Storage TCG Standards Mobile Phones Servers Networking Security Hardware

TNC Architecture Overview Access Requester (AR) Policy Enforcement Point (PEP) Policy Decision Point (PDP) VPN Wireless PDP FW Wired Network Perimeter

Typical TNC Deployments Uniform Policy User-Specific Policies TPM Integrity Check

Policy Enforcement Point (PEP) Policy Decision Point (PDP) Uniform Policy Access Requester (AR) Policy Enforcement Point (PEP) Policy Decision Point (PDP) Remediation Network PDP Non-compliant System Windows XP SP2 OSHotFix 2499 OSHotFix 9288 AV - McAfee Virus Scan 8.0 Firewall Client Rules Windows XP - SP2 - OSHotFix 2499 - OSHotFix 9288 - AV (one of) - Symantec AV 10.1 - McAfee Virus Scan 8.0 - Firewall Production Network Compliant System Windows XP SP2 OSHotFix 2499 OSHotFix 9288 AV – Symantec AV 10.1 Firewall Network Perimeter

User-Specific Policies Access Requester (AR) Policy Enforcement Point (PEP) Policy Decision Point (PDP) PDP Guest User Guest Network Internet Only Ken – Faculty Classroom Network Access Policies - Authorized Users - Client Rules Linda – Finance Finance Network Windows XP OSHotFix 9345 OSHotFix 8834 AV – Symantec AV 10.1 Firewall Network Perimeter

Policy Enforcement Point (PEP) Policy Decision Point (PDP) TPM Integrity Check Access Requester (AR) Policy Enforcement Point (PEP) Policy Decision Point (PDP) TPM – Trusted Platform Module Hardware module built into most of today’s PCs Enables a hardware Root of Trust Measures critical components during trusted boot PTS interface allows PDP to verify configuration and remediate as necessary PDP Client Rules - BIOS - OS - Drivers - Anti-Virus Software Production Network Compliant System TPM Verified BIOS OS Drivers Anti-Virus Software Network Perimeter

TNC Architecture in Detail Access Requester (AR) Policy Enforcement Point (PEP) Policy Decision Point (PDP) (IF-M) (IF-IMC) (IF-IMV) t Collector Collector Integrity Measurement Collectors (IMC) Verifers Verifiers Verifiers (IMV) (IF-PTS) TSS TPM Platform Trust Service (PTS) TNC Client (TNCC) (IF-TNCCS) TNC Server (TNCS) Network Access Requestor Policy Enforcement Point (PEP) (IF-T) (IF-PEP) Network Access Authority

TNC Status TNC Architecture and all specs released Available Since 2006 from TCG web site Rapid Specification Development Continues New Specifications, Enhancements Number of Members and Products Growing Rapidly Compliance and Interoperability Testing and Certification Efforts under way

TNC Vendor Support Access Requester (AR) Policy Enforcement Point (PEP) Policy Decision Point (PDP) Endpoint Supplicant/VPN Client, etc. Network Device FW, Switch, Router, Gateway AAA Server, Radius, Diameter, IIS, etc. 13

TNC/NAP/UAC Interoperability Announced May 21, 2007 by TCG, Microsoft, and Juniper NAP products implement TNC specifications Included in Windows Vista, Windows XP SP 3, and Windows Server 2008 Juniper UAC and NAP can interoperate Demonstrated at Interop Las Vegas 2007 UAC will support IF-TNCCS-SOH in 1H2008 Customer Benefits Easier implementation – can use built-in Windows NAP client Choice and compatibility – through open standards

NAP Vendor Support

What About Open Source? Several open source implementations of TNC University of Applied Arts and Sciences in Hannover, Germany (FHH) http://tnc.inform.fh-hannover.de libtnc https://sourceforge.net/projects/lib/tnc OpenSEA 802.1X supplicant http://www.openseaalliance.org FreeRADIUS http://www.freeradius.org TCG support for these efforts Liaison Memberships Open source licensing of TNC header files

Summary Network Access Control provides Strong Security and Safety Tight Control Over Network Access Reduced PC Administration Costs Open Standards Clearly Needed for NAC Many, Many Vendors Involved in a NAC System Some Key Benefits of Open Standards Ubiquity, Flexibility, Reduced Cost TNC = Open Standards for NAC Widely Supported – HP, IBM, Juniper, McAfee, Microsoft, Symantec, etc. Can Use TPM to Detect Root Kits TNC: Coming Soon to a Network Near You!

For More Information TCG Web Site Juniper UAC Web Site Steve Hanna https://www.trustedcomputinggroup.org Juniper UAC Web Site http://www.juniper.net/products_and_services/ unified_access_control Steve Hanna Distinguished Engineer, Juniper Networks Co-Chair, Trusted Network Connect Work Group, TCG Co-Chair, Network Endpoint Assessment Working Group, IETF email: shanna@juniper.net Blog: http://www.gotthenac.com

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.