Channel: Security Boulevard

NSA, Los Alamos National Laboratory Detail Benefits and How to Use Trusted Computing Standards for Network Security; Lumeta and Juniper Address Hot Topics of Security Automation and BYOD – TCG


We all have 'em. How to secure 'em? Networks and keeping the information flowing safely was the second topic of the day at Monday's Trusted Computing Group (TCG) RSA Conference session, which opened and closed to a full house at Moscone Center.

 

Even as TCG's Trusted Network Architecture (TNC) architecture has been widely adopted and supported in hundreds of products from networking infrastructure vendors, security is a moving target. As it has evolved, TCG has expanded TNC to keep up. A big question right now is how to coordinate all the gear, information and apps that many security and IT staff have put into place. Many of these products are key role-players, but there has not been a way to tie them together. TCG developed its IF-MAP (Interface-Metadata Access Protocol) to do just that: through a simple API, all kinds of endpoints, sensors and other devices can talk!

 

Chris Salter of the NSA opened the session talking about a vision for security automation. Takeaway? Standards are critical - they're understood by all critical components and take advantage of existing infrastructure. TCG's IF-MAP provides a way to publish/subscribe, request/alert and instruct - enabling not only notification of security issues but also a way to enforce policies. Salter said that such security automation enables accounting for every host, user and application; enables sensors to share info; supports compliance and response; and overall allows rapid information-sharing in a centralized way. His slides are available here.

 

Sounds good, but details, please? David Lennon, of TCG member Lumeta, obliged with a bit more detail on security automation and IF-MAP. In Lennon's words, "...we have many forms of security but they are rarely integrated together. Custom integration is very expensive and it only works for a particular combination of vendor products. There are a few standards such as SNMP and syslog but they are very primitive, just grabbing problem alerts." How does IF-MAP help? Lennon notes, "...The TNC architecture lets you integrate all those existing systems and many more with each other and with your NAC system...uses a Metadata Access Point, which is basically a database that stores information about who's on your network, what device they're using, what their behavior is, and all sorts of other information. Your existing security systems use this Metadata Access Point or MAP to integrate with each other and with your NAC system."

 

In the real world, Jim Clifford of Los Alamos National Laboratory detailed the evolution of that organization's network, from some users connected directly to the Internet to accommodation for a variety of users including visitors, contractors, researchers and others. Some security measures were too lenient, others too strict for the circumstances. At the same time, LANL wanted to accommodate mobile devices, multiple operating systems, cloud computing, VoIP and others. Infrastructure based on TNC was implemented to enable NAC. It dynamically assigns enclaves, and uses IF-MAP to coordinate a variety of devices. A huge rip and replace, you say? NOT, noted Clifford. Much existing infrastructure was used with some updates. And by basing the improved network structure on standards, Clifford anticipates future savings and upgrades.

 

Wondering about the big show buzzword, BYOD? Well, we covered that, too, in a short presentation by Steve Hanna of Juniper Networks, co-chair of TCG's TNC Work Group. Hanna noted that the BYOD environment means a lack of control over these devices, risks associated with these devices being used at home, and dealing with equipment lost when employees leave or lose them. The solution? Provide access based on trust levels - something that can be done using TNC and key concepts of Trusted Computing, which can authenticate users, identify and assess devices, provide appropriate access based on all factors and separate mission-critical services.

 

Interested in more details? Slides are available here.


