Vendor Group Adds Net Access Specs

A proposed network access control standard, developed by a large group of vendors that includes IBM, Intel Corp. and Microsoft Corp., could soon help give IT managers a set of vendor-neutral tools for enforcing security policies on end-user devices.

The Trusted Network Connect (TNC) specifications were detailed at last week's Interop conference in Las Vegas. Also announced at the show were a pair of application programming interfaces (APIs) that vendors can use to develop TNC-based tools, as well as plans for the first products implementing the standard.

Like similar approaches from individual vendors such as Cisco Systems Inc. and Microsoft, TNC will let IT managers set rules to permit, restrict or deny network access to end users, depending on whether their systems have the required firewalls, antivirus tools, software updates and configuration settings.

Such capabilities are crucial for avoiding attacks launched via compromised PCs and mobile systems, said Ahmed El-Haggan, CIO at Coppin State University in Baltimore. "It's great to be able to take care of a security problem at the network level before it reaches my servers and my applications," he said.

The core difference between TNC and approaches such as Cisco's Network Admission Control program is that TNC is designed for networks built around products from multiple vendors.

The Portland, Ore.-based Trusted Computing Group developed TNC and plans to release at least four more APIs over the next several months, said Thomas Hardjono, co-chairman of the organization's infrastructure working group.

The interfaces will give vendors a standard way to capture, share and verify the various pieces of information that are needed to authenticate client devices and ensure that they comply with security policies, said Hardjono, a principal scientist at VeriSign Inc.

Hardjono's group is also working to refine specifications for a hardware component called the Trusted Platform Module, a microcontroller that can store passwords, digital certificates and configuration data for identifying and attesting to the security of client systems.

But the group can't afford to "waste 18 months squabbling among themselves about the finer points of their standard," said Jim Slaby, an analyst at The Yankee Group in Boston. "I think there's a lot of time pressure on them. There's a bit of a race to get endpoint policy enforcement schemes out in the market."

At Interop, for example, Juniper Networks Inc. outlined a broad network security framework that it plans to fill out over the next few years.

And another vendor, Nortel Networks Ltd., has also announced technologies that let its customers enforce network access control policies.

Funk Software Inc., a Cambridge, Mass.-based company that helped develop TNC, last week said it's building support for the specifications into its Steel-Belted Radius/Endpoint Assurance server and its 802.1x-based Odyssey Client software agent. Those products are due to be available for user trials late this month.

McAfee Inc. and Check Point Software Technologies Ltd. also demonstrated support for TNC last week.

Hardjono noted that a total of seven vendors have already said they will implement the standard in products.


Trusted Network Connect

WHAT IT IS: A vendor-neutral standard designed to give IT managers tools for enforcing network security policies on client devices.

HOW IT WORKS: Software agents collect information on the security status of end-user devices and relay it to servers that assess compliance with corporate policies.
