Trusted Computing Group (TNG) leads effort to certify NAC products, but not all vendors are on board
The Trusted Computing Group’s Trusted Network Connect (TNC) is an industry-supported working group developing NAC architecture documents and standards. The first public documents came out of TCG’s TNC in 2005 after a year of work, and the group has continued to publish NAC standards and fill out their NAC architecture every year.
The Trusted Computing Group's Trusted Network Connect (TNC) is an industry-supported working group developing NAC architecture documents and standards. The first public documents came out of TCG's TNC in 2005 after a year of work, and the group has continued to publish NAC standards and fill out its NAC architecture every year.
One of the main attributes of the TNC architecture for NAC is that it combined authentication and end-point security posture checking into a single unified protocol. TNC defined the protocol to run over 802.1X (most useful in a one-device-per-switch-port or wireless environment) as well as SSL (useful in more generic environments, such as over VPN tunnels or in routed networks where switch management is undesirable).
When Microsoft released Windows Server 2008, the Microsoft NAP (Network Access Protection) and TNC NAC protocols were linked so that Windows Vista, Windows XP (with service pack 3, which includes the NAC client), and Windows 7 are all interoperable with products that follow the TNC NAC protocols.
This gave TNC significant legitimacy; because it means that every contemporary Windows client is now "TNC compatible" out of the box, which removes the need to install a specific NAC client on Windows devices. No additional client means faster and simpler deployment for network managers.
When TNC first started working on NAC architectures and protocols, Cisco refused to participate, insisting instead that it should take place in the IETF. This led to the founding of the IETF Network Endpoint Assessment (NEA) working group, co-chaired by Susan Thomson (of Cisco) and Stephen Hanna (of Juniper). Slowly, NEA has built their own NAC architecture and protocols, and released three RFCs. All the NEA work is being closely linked to the TNC work, so that the RFCs are compatible with the TNC protocol specifications.
Last month, TNC announced a certification program, which will allow participating vendors to receive a stamp of approval verifying that their products implement the TNC protocols correctly, and that their products are interoperable with other certified products.
Although we didn't find unanimous support for TNC standards among the vendors who participated in our head-to-head NAC testing, the work of the TNC (and the IETF NEA working group) is still important for two key reasons. First, it represents the main path forward for interoperable NAC products. With enterprise networks hosting more non-Windows devices than ever before, the need to have a multi-vendor approach to NAC continues to gain in importance.
The second reason is that these architectures are designed by security and network experts who are more interested in solving problems than getting a product to market quickly. While there are always commercial interests in any modern standards development, network managers can look to TNC and IETF-based products with some confidence that the primary design goal was security.
The standards wars that were so inflammatory five years ago have settled down to truce on all sides, and technically outstanding solutions from the best minds of Cisco, Microsoft, and the members of the TNC.
Learn more about this topic
Payscale uses alumni post-grad pay to rank 187 colleges and universities with computer science...
Vint Cerf is known as a "father of the Internet," and like any good parent, he worries about his...
How mainstream is big data? We asked two speakers at HP's Big Data Conference 2015 in Boston whether...
Sponsored by SevOne
Sponsored by HP
The U.S. National Telecommunications and Information Administration will host a series of discussions...
Systemic flaws and a rapidly shifting threatscape spell doom for many of today’s trusted security...
Experienced software engineering leaders share what it takes to get the most out of your team.
These are 15 of the highest valued enterprise software companies that have received venture funding but...