Firewall Issues Research Group GGF-15 Oct 4 2005 Boston, Ma Leon Gommans - University of Amsterdam Inder Monga - Nortel Networks.

1 Firewall Issues Research Group GGF-15 Oct 4 2005 Boston, Ma Leon Gommans - University of Amsterdam Inder Monga - Nortel Networks

2 Trusted Network Connect Architecture and GridFTP Leon Gommans - University of Amsterdam

3 Content
- Trusted Network Connect (TNC) Architecture
- TNC and GridFTP
- Garage Door Opener
- Extensible Authentication Protocol (EAP)

4 Trusted Network Connect Architecture
- Part of Trusted Computing Group (TCG) work.
- Relevant document: TNC Architecture for Interoperability v1.0.
- Show / discuss relevance to Grids.

5 TNC Scope and Goals
- Allow networks to enforce policy regarding the security state of endpoints.
- The security state is determined by a set of integrity measurements of an endpoint.
- Network access is granted depending on the evaluation of the endpoint's security state.
- TNC defines an architecture for access control and authorization.
- Leverages existing access control mechanisms such as IEEE 802.1X.
- Defines interoperable interfaces using attributes covering software state, endpoint compliance and platform authentication.

6 TNC Platform Authentication
- Concerns two aspects in the TCG realm:
  - Proof of identity, using a non-migratable Attestation Identity Key (AIK).
  - Proof of integrity.
- We may trust the user (PKI certificate, proxy certificate).
- We may trust the connection (SSL, IPsec).
- But who trusts the platform? Laptops and PDAs move in and out of the enterprise network.
- Inter-machine communication trust is established via conformance.

7 TNC Architecture
Provides a framework to achieve a multi-vendor network standard providing:
- Platform authentication
- Endpoint policy compliance
- Access policy
- Assessment, isolation and remediation

8 TNC Architecture cont.
[Diagram: an Access Requestor (AR) connects through a Policy Enforcement Point (PEP), which consults a Policy Decision Point (PDP); the three roles are shown in separate domains labelled Domain 1, Domain 2 and Domain 3.]

9 TNC Architecture cont.
[Diagram: the three TNC layers across the AR, PEP and PDP columns, with the interfaces between them.]
- Integrity Measurement Layer: Integrity Measurement Collectors (IMCs) on the AR talk to Integrity Measurement Verifiers (IMVs) on the PDP over IF-M.
- Integrity Evaluation Layer: the TNC Client on the AR (IF-IMC towards its IMCs) talks to the TNC Server on the PDP (IF-IMV towards its IMVs) over IF-TNCCS.
- Network Access Layer: the Network Access Requestor on the AR (supplicant, VPN client etc.) reaches the PEP (802.1X switch / firewall / VPN gateway) over IF-T; the PEP consults the Network Access Authority on the PDP (AAA server) over IF-PEP.

10 Globus XIO
[Diagram: an Application sits on top of Globus XIO; XIO stacks Drivers that terminate in a Network Protocol, a Disk or a Special Device. Source: The Globus Alliance]

11 Globus XIO Framework
- Moves the data from the user to the driver stack.
- Manages the interactions between drivers.
- Assists in the creation of drivers.
- Asynchronous support.
- Close and EOF barriers.
- Error checking.
- Internal API for passing operations down the stack.
[Diagram: the User API on top of the Framework, then the Driver Stack: Transform driver(s), a TNC AR driver, and the Transport driver at the bottom. Source: The Globus Alliance]

12 GridFTP Garage Door Opener
[Diagram: an RFT Service drives two GridFTP Servers. Each server carries a Firewall Garage Door Opener (F/W GDO) and a TNC Access Requestor whose IMCs report virus check status, patch levels and other measurements. The AR speaks EAP to the TNC PEP (the Firewall), which consults a TNC PDP whose IMVs hold application profiles, virus check and patch-level policy, and other IMVs.]
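The decision path the diagram sketches, as an added example that is not code from the slides, from Globus or from the TCG: IMC reports from the Access Requestor are evaluated by IMVs on the PDP, and the PEP (the firewall) opens the GridFTP ports only for a compliant endpoint, isolates a non-compliant one so it can remediate, and refuses one it cannot assess. The IMC/IMV names, policy values, port numbers, remediation host and sample endpoint reports are all assumptions chosen for illustration.

```python
"""TNC 'garage door opener' decision path for GridFTP, as a simulation.

Added example: this is not code from the slides, from Globus, or from the
TCG. The IMC/IMV names, policy values, port numbers and sample endpoint
reports are assumptions chosen for illustration. It models what the slide
diagram sketches: IMCs on the Access Requestor report measurements, IMVs on
the PDP evaluate them against policy, and the PEP (firewall) opens the
GridFTP ports only for a compliant endpoint, isolating a non-compliant one
so it can remediate, and refusing one it cannot assess.
"""
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple

class Decision(Enum):
    ALLOW = "allow"      # compliant: PEP opens the GridFTP ports
    ISOLATE = "isolate"  # non-compliant: remediation network only
    DENY = "deny"        # unassessable: a required IMC sent nothing

# Assumed policy (not from the slides).
POLICY = {
    "min_patch_level": 20050901,          # YYYYMMDD-stamped patch level
    "max_sig_age_days": 7,                # antivirus signature freshness
    "allowed_gridftp": {"4.0.0", "4.0.1"},
}
GRIDFTP_CONTROL_PORT = 2811               # GridFTP control channel
GRIDFTP_DATA_PORTS = (50000, 50100)       # assumed data-channel port range
REMEDIATION_HOST = "10.0.0.5"             # assumed patch / AV update server

# --- PDP side: one Integrity Measurement Verifier per IMC report -----------
Verdict = Tuple[bool, Optional[str]]      # (compliant, remediation advice)

def imv_av(m: dict) -> Verdict:
    if not m["realtime"]:
        return False, "enable real-time scanning"
    if m["sig_age_days"] > POLICY["max_sig_age_days"]:
        return False, f"update AV signatures (age {m['sig_age_days']} days)"
    return True, None

def imv_patch(m: dict) -> Verdict:
    if m["level"] < POLICY["min_patch_level"]:
        return False, f"apply patches up to level {POLICY['min_patch_level']}"
    return True, None

def imv_gridftp(m: dict) -> Verdict:
    if m["version"] not in POLICY["allowed_gridftp"]:
        return False, f"GridFTP {m['version']} is not an approved build"
    return True, None

IMVS: Dict[str, Callable[[dict], Verdict]] = {
    "av": imv_av, "patch": imv_patch, "gridftp": imv_gridftp,
}

def tnc_server_decide(measurements: Dict[str, dict]) -> Tuple[Decision, List[str]]:
    """TNC Server: feed each IMC report to its IMV and aggregate.
    A missing report means the endpoint cannot be assessed at all."""
    advice: List[str] = []
    for name, imv in IMVS.items():
        if name not in measurements:
            return Decision.DENY, [f"no report from IMC '{name}'"]
        ok, fix = imv(measurements[name])
        if not ok:
            advice.append(f"{name}: {fix}")
    return (Decision.ALLOW, []) if not advice else (Decision.ISOLATE, advice)

# --- PEP side: the firewall turns the decision into per-client rules -------
Rule = Tuple[str, str, str, str]          # (action, src, dst, dport)

def pep_rules(client_ip: str, decision: Decision) -> List[Rule]:
    """The 'garage door': ALLOW opens control and data ports to the GridFTP
    server, ISOLATE permits only the remediation host, DENY adds nothing on
    top of the default drop."""
    if decision is Decision.ALLOW:
        lo, hi = GRIDFTP_DATA_PORTS
        return [("accept", client_ip, "gridftp-server", str(GRIDFTP_CONTROL_PORT)),
                ("accept", client_ip, "gridftp-server", f"{lo}:{hi}")]
    if decision is Decision.ISOLATE:
        return [("accept", client_ip, REMEDIATION_HOST, "any")]
    return []

def garage_door(client_ip: str, measurements: Dict[str, dict]):
    """AR report -> PDP decision -> PEP rules, in one call."""
    decision, advice = tnc_server_decide(measurements)
    return decision, advice, pep_rules(client_ip, decision)

# Constructed IMC reports for three sample endpoints.
COMPLIANT = {"av": {"realtime": True, "sig_age_days": 2},
             "patch": {"level": 20051001}, "gridftp": {"version": "4.0.1"}}
STALE = {"av": {"realtime": True, "sig_age_days": 30},
         "patch": {"level": 20050101}, "gridftp": {"version": "4.0.1"}}
NO_AV_IMC = {"patch": {"level": 20051001}, "gridftp": {"version": "4.0.1"}}

if __name__ == "__main__":
    for ip, report in (("192.0.2.10", COMPLIANT), ("192.0.2.11", STALE),
                       ("192.0.2.12", NO_AV_IMC)):
        print(ip, garage_door(ip, report))
```

In a real deployment the PDP's verdict reaches the PEP over IF-PEP (typically as AAA attributes) rather than as a Python value, and the data-channel range would come from the server's configured port range; the shape of the decision, and the fact that a missing IMC report is treated as a refusal rather than a pass, is what carries over.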

13 Extensible Authentication Protocol
- RFC 3748.
- Reliable peer-to-peer protocol over a data link (PPP, IEEE 802) without requiring IP.
- Used to allow authentication on: dial-in access using PPP; 802.1X port-based switches; wireless LANs.
- Purpose: support a flexible dialog between a back-end EAP server and a peer that needs authentication.

14 EAP cont.
[Figure: the RFC 3748 pass-through authenticator model. Three columns: the Peer (EAP method, EAP peer layer, EAP layer, lower layer), the Pass-through Authenticator (EAP authenticator layer; EAP layer over the lower layer towards the peer, EAP layer over AAA/IP towards the server) and the Authentication Server (EAP method, EAP authenticator layer, EAP layer, AAA/IP). The EAP method runs between peer and server; the authenticator only relays.]
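What the pass-through authenticator in the figure actually does on the wire, as an added example that is not code from the slides or from any EAP stack: it checks the RFC 3748 framing (Code, Identifier, Length, Type), relays Requests from the server and Responses from the peer, and drops a Response whose Identifier does not match the outstanding Request, all without understanding the EAP method in between. The frames in run_exchange() are constructed, and the MD5-Challenge payload is a dummy.

```python
"""RFC 3748 EAP framing as seen by a pass-through authenticator.

Added example, not code from the slides or from any EAP stack. Only the
packet layout (Code, Identifier, Length, Type) follows RFC 3748 section 4;
the frames in run_exchange() are constructed and the MD5-Challenge payload
is a dummy. The point is the slide's figure: the authenticator relays the
EAP method between peer and server without understanding it, checking only
framing, Code and Identifier.
"""
import struct
from typing import List, Optional, Tuple

EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
TYPE_IDENTITY, TYPE_MD5_CHALLENGE = 1, 4
HEADER = struct.Struct("!BBH")            # Code, Identifier, Length (big-endian)

Packet = Tuple[int, int, Optional[int], bytes]   # (code, id, type, type_data)

def build(code: int, identifier: int, eap_type: Optional[int] = None,
          type_data: bytes = b"") -> bytes:
    body = b"" if eap_type is None else bytes([eap_type]) + type_data
    return HEADER.pack(code, identifier, HEADER.size + len(body)) + body

def parse(frame: bytes) -> Optional[Packet]:
    """Returns the decoded packet, or None when RFC 3748 says to discard it.
    Length covers the whole EAP packet: a frame shorter than Length is
    dropped, octets beyond Length are lower-layer padding and ignored."""
    if len(frame) < HEADER.size:
        return None
    code, ident, length = HEADER.unpack_from(frame)
    if length < HEADER.size or length > len(frame):
        return None
    body = frame[HEADER.size:length]
    if code in (EAP_REQUEST, EAP_RESPONSE):
        if not body:                      # Request/Response carry a Type octet
            return None
        return code, ident, body[0], body[1:]
    if code in (EAP_SUCCESS, EAP_FAILURE):
        if length != HEADER.size:         # Success/Failure have no data
            return None
        return code, ident, None, b""
    return None                           # unknown Code

class PassThroughAuthenticator:
    """Relays EAP between the peer's lower layer and the AAA server. Keeps
    only the Identifier of the outstanding Request so it can drop stale or
    replayed Responses; the EAP method (Type) is opaque to it."""
    def __init__(self) -> None:
        self.outstanding: Optional[int] = None
        self.result: Optional[str] = None

    def from_server(self, frame: bytes) -> Optional[bytes]:
        p = parse(frame)
        if p is None:
            return None
        code, ident, _, _ = p
        if code == EAP_REQUEST:
            self.outstanding = ident
        elif code in (EAP_SUCCESS, EAP_FAILURE):
            self.outstanding = None
            self.result = "success" if code == EAP_SUCCESS else "failure"
        else:
            return None                   # a Response from the server side is bogus
        return frame[:HEADER.unpack_from(frame)[2]]   # strip padding, relay

    def from_peer(self, frame: bytes) -> Optional[bytes]:
        p = parse(frame)
        if p is None or p[0] != EAP_RESPONSE or p[1] != self.outstanding:
            return None                   # not a Response to the outstanding Request
        self.outstanding = None
        return frame[:HEADER.unpack_from(frame)[2]]

def run_exchange() -> Tuple[Optional[str], List[Tuple[str, bool]]]:
    """Constructed Identity + MD5-Challenge exchange, including a replayed
    Response and one with the wrong Identifier. Returns the final result and
    a log of (direction, relayed?) for each frame."""
    auth = PassThroughAuthenticator()
    log: List[Tuple[str, bool]] = []
    def server(frame: bytes) -> None:
        log.append(("server->peer", auth.from_server(frame) is not None))
    def peer(frame: bytes) -> None:
        log.append(("peer->server", auth.from_peer(frame) is not None))
    chal = b"\x10" + bytes(16)            # dummy MD5-Challenge value
    server(build(EAP_REQUEST, 7, TYPE_IDENTITY))
    peer(build(EAP_RESPONSE, 7, TYPE_IDENTITY, b"alice@example.org"))   # relayed
    peer(build(EAP_RESPONSE, 7, TYPE_IDENTITY, b"alice@example.org"))   # replay: dropped
    server(build(EAP_REQUEST, 8, TYPE_MD5_CHALLENGE, chal))
    peer(build(EAP_RESPONSE, 9, TYPE_MD5_CHALLENGE, chal))               # wrong Identifier: dropped
    peer(build(EAP_RESPONSE, 8, TYPE_MD5_CHALLENGE, chal))               # relayed
    server(build(EAP_SUCCESS, 8))
    return auth.result, log

if __name__ == "__main__":
    print(run_exchange())
```

This is why the slide can propose EAP as IF-T without the firewall needing to know TNC: the PEP only needs the framing and Identifier checks above, while the TNC client/server dialogue rides inside an EAP method whose Type-Data the authenticator never inspects.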

15 Conclusions
- The TNC Architecture seems worthwhile to follow as it progresses.
- Use of EAP as IF-T is a recommendation. Firewall vendor support?
- UvA and ANL will work on a prototype implementation.
- Functional design expected by the next GGF.
