The Trusted Computing Group (TCG), whose promoters include IBM, Microsoft and Intel, has released details of a new Trusted Network Connect (TNC) architectural standard for authenticating and enforcing security policies on client devices that connect to corporate networks.
Products following the TNC standard will allow IT managers to set rules to deny, permit, quarantine or restrict network access depending on the security status of a user's PC, laptop or handheld device.
Details of the standard were announced at the Interop show in Las Vegas on Tuesday.
"The problem we are addressing is the increasing number of attacks on client machines through viruses and other malware" that compromise otherwise secure networks, said Thomas Hardjono, co-chairman of the TCG's infrastructure working group. "The aim is to provide an open, standards-based approach to gather and evaluate information that allows network administrators to have a finer level of control for setting network (security) policies."
TNC offers companies a way to more efficiently share endpoint security information in multivendor network environments, said Kevin Walsh, director of product technology at Funk Software, a vendor of network access control technologies.
Funk yesterday became one of the first vendors to announce products supporting the new TNC standards. Funk's TNC-based products include its new Steel-Belted Radius Endpoint Assurance server and a new version of its 802.1X Odyssey Client technology.
The technology will allow IT managers to authenticate endpoint devices and ensure that the systems have all the needed firewalls, antivirus tools, software updates and configuration settings before letting them into a corporate network, Walsh said.
The TCG is a nonprofit industry group that touts itself as a developer and promoter of standards for secure computing. The TNC standard is being developed by a TCG subgroup of more than 60 network security and equipment vendors and will eventually include about six separate application programming interfaces that vendors can implement in products.
The APIs will give network and security vendors a standard way to capture, share and verify the various pieces of information needed to authenticate client devices and ensure their compliance with predetermined security policies.
Two APIs were released this week: the Client-Integrity Measurement Collector and the Server-Integrity Measurement Verifier. The rest of the APIs are scheduled to come out late this year and early next year, Hardjono said.
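To make the collector/verifier split concrete, here is an added example (not code from the TCG or any TNC vendor) sketching how a server-side verifier could grade client-side measurements into the deny, permit, quarantine and restrict outcomes described above. The measurement names, thresholds and the `collect`/`verify` functions are assumptions of this example, not TNC API names.

```python
from enum import Enum


class Decision(Enum):
    PERMIT = "permit"
    RESTRICT = "restrict"      # limited access, e.g. internal web only
    QUARANTINE = "quarantine"  # remediation network only
    DENY = "deny"


# Hypothetical policy; the thresholds are constructed for this example.
POLICY = {
    "required_measurements": ("firewall_enabled", "av_signature_age_days", "patch_level"),
    "max_av_signature_age_days": 3,
    "required_patch_level": 7,
}


def collect(collectors):
    """Client-side stand-in for the collector role: run each collector and
    gather its measurement. A collector that fails leaves its entry absent
    rather than inventing a value, so the verifier can see the gap."""
    report = {}
    for name, fn in collectors.items():
        try:
            report[name] = fn()
        except Exception:
            pass
    return report


def verify(report, policy=POLICY):
    """Server-side stand-in for the verifier role: compare the report against
    policy and return (Decision, reasons). Fails closed when a required
    measurement is missing, since an unmeasured endpoint cannot be trusted."""
    missing = [m for m in policy["required_measurements"] if m not in report]
    if missing:
        return Decision.DENY, [f"no measurement for {m}" for m in missing]
    reasons = []
    if not report["firewall_enabled"]:
        reasons.append("host firewall disabled")
    if report["av_signature_age_days"] > policy["max_av_signature_age_days"]:
        reasons.append("antivirus signatures out of date")
    if reasons:
        # Defects that leave the host exposed: isolate it for remediation.
        return Decision.QUARANTINE, reasons
    if report["patch_level"] < policy["required_patch_level"]:
        # Behind on patches but otherwise protected: limited access only.
        return Decision.RESTRICT, ["patch level below required"]
    return Decision.PERMIT, []
```

The reasons list is what a client would show the user (or feed to a remediation server) so that a quarantined device can be brought into compliance.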
TCG is also working on specifications for a hardware component called the Trusted Platform Module. The TPM is a micro-controller that can be used to securely store passwords, digital certificates and crucial configuration information for identifying and attesting to the security of client systems on a network. Over 15 million laptops already have TPMs installed in them, Hardjono said.
The TNC standard is similar to Cisco Systems' agent-based Network Admission Control (NAC) initiative, under which Cisco is bundling new functions into its network equipment for helping companies enforce endpoint security policies. The main difference is that TNC is being designed to work in a multivendor networking environment, whereas Cisco's NAC works only with its own network technology.
"The benefit with TNC is that we now have an architecture that can be used by companies with a more heterogeneous network environment," said Rita Tetzlaff, senior product marketing manager at McAfee Inc. "Customers can choose the right solutions without having to make any changes to what they were doing before."