Trusted Network Connect


Trusted Network Connect (TNC) is an open architecture for network access control, promulgated by the Trusted Network Connect Work Group (TNC-WG) of the Trusted Computing Group (TCG). [1] [2] [3]


History

The TNC architecture was first introduced at the RSA Conference in 2005. [4] TNC was originally a network access control standard with a goal of multi-vendor endpoint policy enforcement. [5]

In 2009 TCG announced expanded specifications that extended TNC to systems outside the enterprise network. [6] Additional reported uses of TNC include Industrial Control System (ICS) and SCADA security, [7] [8] and physical security. [9]

Specifications

Specifications introduced by the TNC Work Group: [10]

TNC Vendor Adoption

A partial list of vendors who have adopted TNC Standards: [15]

Also, networking by

TNC Customer Adoption

The U.S. Army has planned to use this technology to enhance the security of its computer networks. [16]

The South Carolina Department of Probation, Parole, and Pardon Services has tested a TNC-SCAP integration combination in a pilot program. [17]

See also


References

  1. "Using Trusted Network Connect for NAC". FedTech Magazine. Archived from the original on 2011-07-10. Retrieved 2010-10-14.
  2. "Wireless Infrastructure Advice, Discussion, Community". Network Computing. Retrieved 2017-05-03.
  3. "Archived copy" (PDF). Archived from the original (PDF) on 2011-07-13. Retrieved 2010-10-20.
  4. "'Trusted Network Connect' Puts Hardware Security Agent in Every PC". InformationWeek. Archived from the original on 2012-09-04. Retrieved 2022-02-03.
  5. Vijayan, Jaikumar (2005-05-09). "Vendor Group Adds Net Access Specs". Computerworld. Retrieved 2017-05-03.
  6. "Trusted Computing Group Widens Security Specs Beyond Enterprise Networks". Dark Reading. 2009-05-18. Retrieved 2017-05-03.
  7. "Not your Father's Control System". Tofino Industrial Security Solution. Retrieved 2017-05-03.
  8. "Securing SCADA and Control Networks". Archived from the original on 2011-07-28. Retrieved 2010-09-13.
  9. "Hirsch Demonstrates Industry's First Standards-Based Network / Physical Access Control Enforcement Solution". Archived from the original on 2009-12-30. Retrieved 2010-10-14.
  10. "Trusted Computing Group Continues to Extend TNC Specifications". Current Analysis. Archived from the original on 2010-01-09. Retrieved 2010-09-15.
  11. "Archived copy" (PDF). Archived from the original (PDF) on 2011-01-03. Retrieved 2010-10-14.
  12. "TCG Trusted Network Connect: TNC IF-TNCCS: Protocol Bindings for SoH" (PDF). Opus1.com. Retrieved 2017-05-03.
  13. "Archived copy" (PDF). Archived from the original (PDF) on 2011-09-28. Retrieved 2010-10-14.
  14. "Archived copy" (PDF). Archived from the original (PDF) on 2011-09-30. Retrieved 2010-10-14.
  15. Archived 2011-07-16 at the Wayback Machine.
  16. "Archived copy" (PDF). Archived from the original (PDF) on 2006-10-03. Retrieved 2006-08-05.
  17. Jackson, William (2010-09-28). "Speed of cybersecurity rises with combination of Trusted Network Connect and Security Content Automation Protocols". FCW. Retrieved 2017-05-03.
