Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Access Control for Education

Published byBarrie Kennedy Modified over 8 years ago

Similar presentations

Presentation on theme: "Network Access Control for Education"— Presentation transcript:

1 Network Access Control for Education
By Steve Hanna, Distinguished Engineer, Juniper Co-Chair, Trusted Network Connect WG, TCG Co-Chair, Network Endpoint Assessment WG, IETF

2 Implications of Expanded Network Usage
As Access Increases Mission-critical network assets Mobile and remote devices transmitting the LAN perimeter Broader variety of network endpoints Faculty, staff, parent, and/or student access Critical data at risk Perimeter security ineffective Endpoint infections may proliferate Network control can be lost Network Security Decreases

3 Network Access Control Solutions
Control Access to critical resources to entire network Based on User identity and role Endpoint identity and health Other factors With Remediation Management Features Consistent Access Controls Reduced Downtime Healthier endpoints Fewer outbreaks Safe Remote Access Safe Access for Faculty, Staff Students, Parents Guests Devices Benefits Network access control must be a key component of every network!

4 What is Trusted Network Connect (TNC)?
Open Architecture for Network Access Control Suite of Standards to Ensure Interoperability Work Group in Trusted Computing Group (TCG)

5 Security Infrastructure
TCG: The Big Picture Desktops & Notebooks Applications Software Stack Operating Systems Web Services Authentication Data Protection Printers & Hardcopy Security Infrastructure Storage TCG Standards Mobile Phones Servers Networking Security Hardware

6 TNC Architecture Overview
Access Requester (AR) Policy Enforcement Point (PEP) Policy Decision Point (PDP) VPN Wireless PDP FW Wired Network Perimeter

7 Typical TNC Deployments
Uniform Policy User-Specific Policies TPM Integrity Check

8 Policy Enforcement Point (PEP) Policy Decision Point (PDP)
Uniform Policy Access Requester (AR) Policy Enforcement Point (PEP) Policy Decision Point (PDP) Remediation Network PDP Non-compliant System Windows XP SP2 OSHotFix 2499 OSHotFix 9288 AV - McAfee Virus Scan 8.0 Firewall Client Rules Windows XP - SP2 - OSHotFix 2499 - OSHotFix 9288 - AV (one of) - Symantec AV 10.1 - McAfee Virus Scan 8.0 - Firewall Production Network Compliant System Windows XP SP2 OSHotFix 2499 OSHotFix 9288 AV – Symantec AV 10.1 Firewall Network Perimeter

9 User-Specific Policies
Access Requester (AR) Policy Enforcement Point (PEP) Policy Decision Point (PDP) PDP Guest User Guest Network Internet Only Ken – Faculty Classroom Network Access Policies - Authorized Users - Client Rules Linda – Finance Finance Network Windows XP OSHotFix 9345 OSHotFix 8834 AV – Symantec AV 10.1 Firewall Network Perimeter

10 Policy Enforcement Point (PEP) Policy Decision Point (PDP)
TPM Integrity Check Access Requester (AR) Policy Enforcement Point (PEP) Policy Decision Point (PDP) TPM – Trusted Platform Module Hardware module built into most of today’s PCs Enables a hardware Root of Trust Measures critical components during trusted boot PTS interface allows PDP to verify configuration and remediate as necessary PDP Client Rules - BIOS - OS - Drivers - Anti-Virus Software Production Network Compliant System TPM Verified BIOS OS Drivers Anti-Virus Software Network Perimeter

11 TNC Architecture in Detail
Access Requester (AR) Policy Enforcement Point (PEP) Policy Decision Point (PDP) (IF-M) (IF-IMC) (IF-IMV) t Collector Collector Integrity Measurement Collectors (IMC) Verifers Verifiers Verifiers (IMV) (IF-PTS) TSS TPM Platform Trust Service (PTS) TNC Client (TNCC) (IF-TNCCS) TNC Server (TNCS) Network Access Requestor Policy Enforcement Point (PEP) (IF-T) (IF-PEP) Network Access Authority

12 TNC Status TNC Architecture and all specs released
Available Since 2006 from TCG web site Rapid Specification Development Continues New Specifications, Enhancements Number of Members and Products Growing Rapidly Compliance and Interoperability Testing and Certification Efforts under way

13 TNC Vendor Support Access Requester (AR)
Policy Enforcement Point (PEP) Policy Decision Point (PDP) Endpoint Supplicant/VPN Client, etc. Network Device FW, Switch, Router, Gateway AAA Server, Radius, Diameter, IIS, etc. 13

14 TNC/NAP/UAC Interoperability
Announced May 21, 2007 by TCG, Microsoft, and Juniper NAP products implement TNC specifications Included in Windows Vista, Windows XP SP 3, and Windows Server 2008 Juniper UAC and NAP can interoperate Demonstrated at Interop Las Vegas 2007 UAC will support IF-TNCCS-SOH in 1H2008 Customer Benefits Easier implementation – can use built-in Windows NAP client Choice and compatibility – through open standards

15 NAP Vendor Support

16 What About Open Source? Several open source implementations of TNC
University of Applied Arts and Sciences in Hannover, Germany (FHH) libtnc OpenSEA 802.1X supplicant FreeRADIUS TCG support for these efforts Liaison Memberships Open source licensing of TNC header files

17 Summary Network Access Control provides
Strong Security and Safety Tight Control Over Network Access Reduced PC Administration Costs Open Standards Clearly Needed for NAC Many, Many Vendors Involved in a NAC System Some Key Benefits of Open Standards Ubiquity, Flexibility, Reduced Cost TNC = Open Standards for NAC Widely Supported – HP, IBM, Juniper, McAfee, Microsoft, Symantec, etc. Can Use TPM to Detect Root Kits TNC: Coming Soon to a Network Near You!

18 For More Information TCG Web Site Juniper UAC Web Site Steve Hanna
Juniper UAC Web Site unified_access_control Steve Hanna Distinguished Engineer, Juniper Networks Co-Chair, Trusted Network Connect Work Group, TCG Co-Chair, Network Endpoint Assessment Working Group, IETF Blog:

Download ppt "Network Access Control for Education"

Similar presentations

1Copyright © 2010, Printer Working Group. All rights reserved. PWG Plenary TCG Activity Summary December 2010 Irvine, CA – PWG Meeting Ira McDonald (High.

1Copyright © 2010, Printer Working Group. All rights reserved. PWG Plenary TCG Activity Summary December 2010 Irvine, CA – PWG Meeting Ira McDonald (High.
1Copyright © 2010, Printer Working Group. All rights reserved. PWG Plenary and IDS WG TCG Activity Summary August 2010 Bagsvaerd, Denmark – PWG Meeting.

1Copyright © 2010, Printer Working Group. All rights reserved. PWG Plenary and IDS WG TCG Activity Summary August 2010 Bagsvaerd, Denmark – PWG Meeting.
1Copyright © 2010, Printer Working Group. All rights reserved. PWG Plenary TCG Activity Summary 10 June 2010 Rochester, NY – PWG F2F Meeting Ira McDonald.

1Copyright © 2010, Printer Working Group. All rights reserved. PWG Plenary TCG Activity Summary 10 June 2010 Rochester, NY – PWG F2F Meeting Ira McDonald.
1Copyright © 2010, Printer Working Group. All rights reserved. PWG Plenary TCG Activity Summary 7 April 2010 Camas, WA – PWG F2F Meeting Ira McDonald (High.

1Copyright © 2010, Printer Working Group. All rights reserved. PWG Plenary TCG Activity Summary 7 April 2010 Camas, WA – PWG F2F Meeting Ira McDonald (High.
1Copyright © 2011, Printer Working Group. All rights reserved. PWG Plenary TCG Activity Summary May 2011 Webster, NY – PWG Meeting Ira McDonald (High North.

1Copyright © 2011, Printer Working Group. All rights reserved. PWG Plenary TCG Activity Summary May 2011 Webster, NY – PWG Meeting Ira McDonald (High North.
Selecting the Right Network Access Protection (NAP) Architecture Infrastructure Planning and Design Published: June 2008 Updated: November 2011.

Selecting the Right Network Access Protection (NAP) Architecture Infrastructure Planning and Design Published: June 2008 Updated: November 2011.
5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.
Network Security In Education A Balancing Act Doug Klein CTO Vernier Networks, Inc.

Network Security In Education A Balancing Act Doug Klein CTO Vernier Networks, Inc.
TCG Confidential Copyright© 2005 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 TNC EAP IETF EAP.

TCG Confidential Copyright© 2005 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 TNC EAP IETF EAP.
Copyright© 2004 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Putting Trust into the Network: Securing.

Copyright© 2004 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Putting Trust into the Network: Securing.
A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.

A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.
Providing 802.1X Enforcement For Network Access Protection Mudit Goel Development Manager Windows Enterprise Networking Microsoft Corporation.

Providing 802.1X Enforcement For Network Access Protection Mudit Goel Development Manager Windows Enterprise Networking Microsoft Corporation.
Copyright© 2005-2006 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.

Copyright© Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.
Interop Labs Network Access Control Interop Las Vegas 2006 Karen O’Donoghue.

Interop Labs Network Access Control Interop Las Vegas 2006 Karen O’Donoghue.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
Group Presentation Design and Implementation of a company- wide networking & communication technologies strategy 9 th December 2003 Prepared By: …………

Group Presentation Design and Implementation of a company- wide networking & communication technologies strategy 9 th December 2003 Prepared By: …………
WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, 2009 05/30/2009.

WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, /30/2009.
Information Security in Real Business

Information Security in Real Business
Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S09761197.

Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S
Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.

Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.

Similar presentations

Ads by Google