Network Access Control for Education - PowerPoint PPT Presentation
Presentation Transcript

Network Access Control for Education

By Steve Hanna, Distinguished Engineer, Juniper

Co-Chair, Trusted Network Connect WG, TCG

Co-Chair, Network Endpoint Assessment WG, IETF

Implications of Expanded Network Usage

As Access Increases:
  • Mission-critical network assets
  • Mobile and remote devices crossing the LAN perimeter
  • Broader variety of network endpoints
  • Faculty, staff, parent, and/or student access

Network Security Decreases:
  • Critical data at risk
  • Perimeter security ineffective
  • Endpoint infections may proliferate
  • Network control can be lost

Network Access Control Solutions

Features:
  • Control Access
    • to critical resources
    • to entire network
  • Based on
    • User identity and role
    • Endpoint identity and health
    • Other factors
  • With
    • Remediation
    • Management

Benefits:
  • Consistent Access Controls
  • Reduced Downtime
    • Healthier endpoints
    • Fewer outbreaks
  • Safe Remote Access
  • Safe Access for
    • Faculty, Staff
    • Students, Parents
    • Guests
    • Devices

Network access control must be a key component of every network!

What is Trusted Network Connect (TNC)?
  • Open Architecture for Network Access Control
  • Suite of Standards to Ensure Interoperability
  • Work Group in Trusted Computing Group (TCG)
TCG: The Big Picture
  • Applications
    • Software Stack
    • Operating Systems
    • Web Services
    • Authentication
    • Data Protection
  • TCG Standards at the centre, covering every platform type
    • Desktops & Notebooks
    • Printers & Hardcopy
    • Security Infrastructure
    • Storage
    • Mobile Phones
    • Servers
    • Networking
    • Security Hardware

TNC Architecture Overview
  • Three roles
    • Access Requester (AR)
    • Policy Enforcement Point (PEP)
    • Policy Decision Point (PDP)
  • The PEP sits at the network perimeter, whichever way the AR connects
    • VPN
    • Wireless
    • FW
    • Wired

Typical TNC Deployments
  • Uniform Policy
  • User-Specific Policies
  • TPM Integrity Check
Uniform Policy
  • Access Requester (AR), Policy Enforcement Point (PEP), Policy Decision Point (PDP); the PEP sits at the network perimeter between the AR and the Production and Remediation Networks
  • Client Rules (one policy for every endpoint)
    • Windows XP
    • SP2
    • OSHotFix 2499
    • OSHotFix 9288
    • AV (one of)
      • Symantec AV 10.1
      • McAfee Virus Scan 8.0
    • Firewall
  • Non-compliant System (placed on the Remediation Network)
    • Windows XP
    • SP2
    • OSHotFix 2499
    • OSHotFix 9288
    • AV - McAfee Virus Scan 8.0
    • Firewall
  • Compliant System (admitted to the Production Network)
    • Windows XP
    • SP2
    • OSHotFix 2499
    • OSHotFix 9288
    • AV – Symantec AV 10.1
    • Firewall

User-Specific Policies
  • Access Requester (AR), Policy Enforcement Point (PEP), Policy Decision Point (PDP) at the network perimeter
  • Access Policies on the PDP
    • Authorized Users
    • Client Rules
  • Guest User: Guest Network (Internet Only)
  • Ken – Faculty: Classroom Network
  • Linda – Finance: Finance Network
  • Client Rules
    • Windows XP
    • OSHotFix 9345
    • OSHotFix 8834
    • AV – Symantec AV 10.1
    • Firewall
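The two deployment slides above (Uniform Policy and User-Specific Policies) describe what the PDP does with a health report and a user identity. The following is an added example, not code from the slides or from any TNC product, showing that decision logic as a small Python policy engine. The rule sets reuse the hotfix IDs and AV versions from the slides; the user directory, the role-to-network mapping, the health-report format and the guest/unknown-user handling are constructed assumptions for the example.

```python
"""Added example, not from the slides: a toy Policy Decision Point that applies
the 'Uniform Policy' and 'User-Specific Policies' slides as code.  The rule
sets, users and endpoint health reports are constructed for illustration;
the hotfix IDs and AV versions are the ones the slides show."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

AV = Tuple[str, str]  # (product, version)


@dataclass(frozen=True)
class HealthReport:
    """What the endpoint reports about itself (constructed shape)."""
    os: str
    service_pack: str
    hotfixes: FrozenSet[str]
    av: Optional[AV]          # None = no anti-virus found
    firewall_on: bool


@dataclass(frozen=True)
class ClientRules:
    """The 'Client Rules' box on the slides, as data."""
    os: str
    service_pack: Optional[str]  # None = any
    hotfixes: FrozenSet[str]     # all required
    av: FrozenSet[AV]            # any one of these satisfies the rule
    firewall: bool = True


def violations(report: HealthReport, rules: ClientRules) -> List[str]:
    """Every rule the report fails; an empty list means the endpoint is compliant."""
    out = []
    if report.os != rules.os:
        out.append(f"os: want {rules.os}, got {report.os}")
    if rules.service_pack and report.service_pack != rules.service_pack:
        out.append(f"service pack: want {rules.service_pack}, got {report.service_pack}")
    for hotfix in sorted(rules.hotfixes - report.hotfixes):
        out.append(f"missing {hotfix}")
    if rules.av and report.av not in rules.av:
        out.append(f"av: want one of {sorted(rules.av)}, got {report.av}")
    if rules.firewall and not report.firewall_on:
        out.append("firewall disabled")
    return out


# Rules from the 'Uniform Policy' slide.
XP_RULES = ClientRules(
    os="Windows XP", service_pack="SP2",
    hotfixes=frozenset({"OSHotFix 2499", "OSHotFix 9288"}),
    av=frozenset({("Symantec AV", "10.1"), ("McAfee Virus Scan", "8.0")}))

# Rules from the 'User-Specific Policies' slide, used here for the Finance role.
FINANCE_RULES = ClientRules(
    os="Windows XP", service_pack=None,
    hotfixes=frozenset({"OSHotFix 9345", "OSHotFix 8834"}),
    av=frozenset({("Symantec AV", "10.1")}))


def uniform_policy(report: HealthReport) -> Tuple[str, List[str]]:
    """One rule set for everyone: pass = production network, fail = remediation."""
    fails = violations(report, XP_RULES)
    return ("production", fails) if not fails else ("remediation", fails)


# Constructed user directory and role-to-network mapping.
USERS = {"ken": "faculty", "linda": "finance"}
ROLE_POLICY = {"faculty": ("classroom", XP_RULES),
               "finance": ("finance", FINANCE_RULES)}


def user_policy(user: Optional[str], report: HealthReport) -> Tuple[str, List[str]]:
    """Identity and role first, then client rules.  An unauthenticated user is a
    guest and gets Internet-only access with no health check (assumption: the
    slide shows no client rules for guests); an unknown name gets no access."""
    if user is None:
        return ("guest", [])
    role = USERS.get(user.lower())
    if role is None:
        return ("no-access", [f"unknown user {user}"])
    network, rules = ROLE_POLICY[role]
    fails = violations(report, rules)
    return (network, fails) if not fails else ("remediation", fails)


# Constructed endpoint reports: one that meets XP_RULES, one missing a hotfix
# with its firewall switched off.
COMPLIANT = HealthReport("Windows XP", "SP2",
                         frozenset({"OSHotFix 2499", "OSHotFix 9288"}),
                         ("Symantec AV", "10.1"), True)
NONCOMPLIANT = HealthReport("Windows XP", "SP2", frozenset({"OSHotFix 2499"}),
                            ("McAfee Virus Scan", "8.0"), False)

if __name__ == "__main__":
    for who, rep in [(None, COMPLIANT), ("Ken", COMPLIANT),
                     ("Linda", COMPLIANT), ("Ken", NONCOMPLIANT)]:
        print(who, user_policy(who, rep))
```

Note that the same endpoint can be compliant for one role and not for another: the COMPLIANT report passes the faculty rules but lands Linda in remediation, because the Finance rules require different hotfixes. A real PDP returns the violation list to the client so the remediation network can fix exactly those items.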

TPM Integrity Check
  • Access Requester (AR), Policy Enforcement Point (PEP), Policy Decision Point (PDP) at the network perimeter
  • TPM – Trusted Platform Module
  • Hardware module built into most of today’s PCs
  • Enables a hardware Root of Trust
  • Measures critical components during trusted boot
  • PTS interface allows PDP to verify configuration and remediate as necessary
  • Client Rules
    • BIOS
    • OS
    • Drivers
    • Anti-Virus Software
  • Compliant System (admitted to the Production Network): TPM Verified
    • BIOS
    • OS
    • Drivers
    • Anti-Virus Software
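The slide says the TPM measures BIOS, OS, drivers and anti-virus software during trusted boot and that the PDP verifies the result; the summary slide adds that this is how TNC can detect rootkits. The following is an added example, not from the slides or from any PTS implementation, of the verifier-side check in simplified form. A real TPM extends PCRs with SHA-1 (TPM 1.2) or SHA-256 (TPM 2.0) and signs the quoted PCR values with an attestation key, and the TNC exchange carries them to the PDP; here the signature is omitted, and the known-good hashes, the event log and the quoted PCR are constructed.

```python
"""Added example, not from the slides: how a verifier on the PDP side can check
a trusted-boot measurement log against a TPM PCR value.  Simplified: a real TPM
extends PCRs with SHA-1 (TPM 1.2) or SHA-256 (TPM 2.0) and signs the PCR
values with an attestation key; here the signature is omitted and the
known-good hashes, the log and the quoted PCR are all constructed."""
import hashlib
from typing import Dict, List, Optional, Tuple

Log = List[Tuple[str, bytes]]  # (component name, digest of its image), in boot order


def extend(pcr: bytes, digest: bytes) -> bytes:
    """The TPM extend rule: PCR_new = H(PCR_old || digest).  Order matters and a
    PCR cannot be rolled back or set directly, which is why it can be trusted."""
    return hashlib.sha256(pcr + digest).digest()


def replay_log(log: Log) -> bytes:
    """Recompute the PCR an honest boot with this log would produce."""
    pcr = bytes(32)  # reset value
    for _, digest in log:
        pcr = extend(pcr, digest)
    return pcr


# Constructed whitelist: the components the 'Client Rules' box lists, with the
# hash of the image version the site approves.
KNOWN_GOOD: Dict[str, bytes] = {
    "BIOS": hashlib.sha256(b"bios-1.02").digest(),
    "OS": hashlib.sha256(b"ntoskrnl-xp-sp2").digest(),
    "Drivers": hashlib.sha256(b"signed-driver-bundle-7").digest(),
    "Anti-Virus Software": hashlib.sha256(b"symantec-av-10.1").digest(),
}


def boot_log(overrides: Optional[Dict[str, bytes]] = None) -> Log:
    """Constructed event log in boot order; overrides swap in a tampered image."""
    overrides = overrides or {}
    return [(name, overrides.get(name, digest)) for name, digest in KNOWN_GOOD.items()]


def verify(quoted_pcr: bytes, log: Log) -> Tuple[bool, List[str]]:
    """Two independent checks.  (1) The log must reproduce the PCR the TPM
    reports, so an attacker who edits the log after boot is caught.  (2) Every
    measured component must be a known-good image, and every required
    component must actually have been measured."""
    problems = []
    if replay_log(log) != quoted_pcr:
        problems.append("event log does not reproduce the quoted PCR")
    for name, digest in log:
        expected = KNOWN_GOOD.get(name)
        if expected is None:
            problems.append(f"unexpected component measured: {name}")
        elif digest != expected:
            problems.append(f"{name} hash not in known-good set")
    for name in sorted(set(KNOWN_GOOD) - {name for name, _ in log}):
        problems.append(f"{name} was not measured")
    return (not problems, problems)


if __name__ == "__main__":
    clean = boot_log()
    print(verify(replay_log(clean), clean))
    # A rootkit that replaces a driver is measured by the TPM as what it is...
    infected = boot_log({"Drivers": hashlib.sha256(b"rootkit-driver").digest()})
    print(verify(replay_log(infected), infected))
    # ...and rewriting the log to look clean does not change the hardware PCR.
    print(verify(replay_log(infected), clean))
```

The second and third runs are the point of a hardware root of trust: software on the endpoint can lie in the event log it sends, but it cannot make the TPM report a PCR that matches the edited log, so the verifier catches either the bad hash or the inconsistency. A software-only health check (an agent that reports "AV running") has no equivalent anchor and is exactly what a kernel rootkit can falsify.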

TNC Architecture in Detail
  • Access Requester (AR)
    • Integrity Measurement Collectors (IMC)
    • TNC Client (TNCC)
    • Platform Trust Service (PTS), backed by the TSS and the TPM
    • Network Access Requestor
  • Policy Enforcement Point (PEP)
  • Policy Decision Point (PDP)
    • Integrity Measurement Verifiers (IMV)
    • TNC Server (TNCS)
    • Network Access Authority
  • Interfaces
    • IF-M: IMC to IMV (vendor-specific measurement messages)
    • IF-IMC: IMC to TNCC
    • IF-IMV: IMV to TNCS
    • IF-TNCCS: TNCC to TNCS
    • IF-PTS: PTS to the TNCC and IMCs
    • IF-T: Network Access Requestor to Network Access Authority (transport)
    • IF-PEP: Network Access Authority to PEP
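The architecture slide names the components and the interfaces between them but not what actually flows across them. The following is an added example, not from the slides or from any TNC implementation, that sketches one handshake in a single Python process: IMCs on the Access Requester produce measurements, the TNC Client batches them for the TNC Server (IF-TNCCS), the server hands each message to the IMVs registered for its message type (IF-M routing), and the server combines the IMVs' action recommendations into one decision for the Network Access Authority to pass to the PEP. The message types, the IMC/IMV pairs, the health values and the combining rule are constructed; only the recommendation names follow the IF-IMV constants.

```python
"""Added example, not from the slides or from any TNC implementation: a
single-process sketch of the IMC -> TNCC -> TNCS -> IMV message flow and of how
the TNC Server turns several IMV recommendations into one access decision.
Message types, IMC/IMV pairs, health values and the combining rule are made up;
the recommendation names follow the IF-IMV constants."""
from typing import Dict, List, Tuple

# IF-IMV action recommendations, as strings.
ALLOW, ISOLATE, NO_ACCESS, NO_RECOMMENDATION = "allow", "isolate", "no_access", "no_recommendation"
SEVERITY = {ALLOW: 0, NO_RECOMMENDATION: 1, ISOLATE: 2, NO_ACCESS: 3}

# IF-M message types are (vendor id, subtype) pairs; these values are constructed.
TYPE_FIREWALL = (0x00ABCD, 1)
TYPE_ANTIVIRUS = (0x00ABCD, 2)
Message = Tuple[Tuple[int, int], dict]


class FirewallIMC:
    """Collector on the endpoint: reports the host firewall state."""
    def __init__(self, enabled: bool):
        self.enabled = enabled

    def begin_handshake(self) -> List[Message]:
        return [(TYPE_FIREWALL, {"enabled": self.enabled})]


class AntiVirusIMC:
    """Collector on the endpoint: reports the installed AV product, if any."""
    def __init__(self, product=None, version=None):
        self.product, self.version = product, version

    def begin_handshake(self) -> List[Message]:
        return [(TYPE_ANTIVIRUS, {"product": self.product, "version": self.version})]


class FirewallIMV:
    types = {TYPE_FIREWALL}

    def receive(self, payload: dict) -> str:
        return ALLOW if payload["enabled"] else ISOLATE


class AntiVirusIMV:
    types = {TYPE_ANTIVIRUS}
    accepted = {("Symantec AV", "10.1"), ("McAfee Virus Scan", "8.0")}

    def receive(self, payload: dict) -> str:
        if payload["product"] is None:
            return NO_ACCESS  # no anti-virus at all
        return ALLOW if (payload["product"], payload["version"]) in self.accepted else ISOLATE


class TNCClient:
    """TNCC: collects one batch from every loaded IMC (IF-IMC) to send over IF-TNCCS."""
    def __init__(self, imcs):
        self.imcs = imcs

    def batch(self) -> List[Message]:
        out = []
        for imc in self.imcs:
            out.extend(imc.begin_handshake())
        return out


class TNCServer:
    """TNCS: routes messages to IMVs by type (IF-IMV) and combines recommendations."""
    def __init__(self, imvs):
        self.imvs = imvs

    def handle_batch(self, batch: List[Message]) -> Tuple[str, Dict[str, str]]:
        recs = {type(imv).__name__: NO_RECOMMENDATION for imv in self.imvs}
        for mtype, payload in batch:
            for imv in self.imvs:
                if mtype in imv.types:
                    recs[type(imv).__name__] = imv.receive(payload)
        return self.combine(recs), recs

    @staticmethod
    def combine(recs: Dict[str, str]) -> str:
        """Constructed policy: the most restrictive IMV wins, and an IMV that never
        received a message (the client has no matching IMC) cannot vouch for the
        endpoint, so its silence is treated as ISOLATE."""
        worst = max(recs.values(), key=SEVERITY.__getitem__)
        return ISOLATE if worst == NO_RECOMMENDATION else worst


def assess(imcs, imvs=(FirewallIMV(), AntiVirusIMV())) -> Tuple[str, Dict[str, str]]:
    """Run one AR-to-PDP handshake; the result is what the NAA tells the PEP."""
    return TNCServer(list(imvs)).handle_batch(TNCClient(imcs).batch())


if __name__ == "__main__":
    print(assess([FirewallIMC(True), AntiVirusIMC("Symantec AV", "10.1")]))
    print(assess([FirewallIMC(False), AntiVirusIMC("Symantec AV", "10.1")]))
    print(assess([FirewallIMC(True), AntiVirusIMC()]))
    print(assess([FirewallIMC(True)]))  # no AV IMC loaded: the AV IMV stays silent
```

The last case is the one worth noticing when you deploy: an endpoint that simply lacks the collector for a check produces no message for that IMV, and whether that silence means "isolate" or "allow" is a server-side policy decision, not something the protocol fixes. Defaulting it to allow would let an endpoint pass health checks by uninstalling the agent.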

TNC Status
  • TNC Architecture and all specs released
    • Available Since 2006 from TCG web site
  • Rapid Specification Development Continues
    • New Specifications, Enhancements
  • Number of Members and Products Growing Rapidly
  • Compliance and Interoperability Testing and Certification Efforts under way
TNC Vendor Support
  • Access Requester (AR): Endpoint (Supplicant, VPN Client, etc.)
  • Policy Enforcement Point (PEP): Network Device (FW, Switch, Router, Gateway)
  • Policy Decision Point (PDP): AAA Server (RADIUS, Diameter, IIS, etc.)

TNC/NAP/UAC Interoperability
  • Announced May 21, 2007 by TCG, Microsoft, and Juniper
  • NAP products implement TNC specifications
    • Included in Windows Vista, Windows XP SP3, and Windows Server 2008
  • Juniper UAC and NAP can interoperate
    • Demonstrated at Interop Las Vegas 2007
    • UAC will support IF-TNCCS-SOH in 1H2008
  • Customer Benefits
    • Easier implementation – can use built-in Windows NAP client
    • Choice and compatibility – through open standards
What About Open Source?
  • Several open source implementations of TNC
    • University of Applied Arts and Sciences in Hannover, Germany (FHH): http://tnc.inform.fh-hannover.de
    • libtnc: https://sourceforge.net/projects/lib/tnc
    • OpenSEA 802.1X supplicant: http://www.openseaalliance.org
    • FreeRADIUS: http://www.freeradius.org
  • TCG support for these efforts
    • Liaison Memberships
    • Open source licensing of TNC header files
Summary
  • Network Access Control provides
    • Strong Security and Safety
    • Tight Control Over Network Access
    • Reduced PC Administration Costs
  • Open Standards Clearly Needed for NAC
    • Many, Many Vendors Involved in a NAC System
    • Some Key Benefits of Open Standards
      • Ubiquity, Flexibility, Reduced Cost
  • TNC = Open Standards for NAC
    • Widely Supported – HP, IBM, Juniper, McAfee, Microsoft, Symantec, etc.
    • Can Use TPM to Detect Root Kits
  • TNC: Coming Soon to a Network Near You!
For More Information
  • TCG Web Site
    • https://www.trustedcomputinggroup.org
  • Juniper UAC Web Site
    • http://www.juniper.net/products_and_services/unified_access_control
  • Steve Hanna
    • Distinguished Engineer, Juniper Networks
    • Co-Chair, Trusted Network Connect Work Group, TCG
    • Co-Chair, Network Endpoint Assessment Working Group, IETF
    • email: [email protected]
    • Blog: http://www.gotthenac.com