Skip Links

Network World

  • Social Web 
  • Email 
  • Close

(Comma separation for multiple addresses)
Your Message:

Trusted Computing Group broadens its NAC scope

Moving beyond pre-admission NAC to post-connect NAC
Security: Network Access Control Alert By Tim Greene , Network World , 05/06/2008
Tim Greene
Sign up for this newsletter now!

Cloud Security|Cloud computing offers advantages over building and maintaining private data centers including flexibility, reduced maintenance and operations costs and the ability to employ lower powered, lower priced personal computers.

  • Share/Email
  • Tweet This
  • Comment
  • Print

Trusted Computing Group is expanding its area of interest beyond pre-admission NAC to post-connect NAC.

The broadened scope comes in the form of a new protocol called IF-MAP, which stands for interface for meta-data access point. The protocol is intended to be spoken between security devices on networks and a meta-data access point (MAP) that receives and posts the data.

The idea is that security devices such as firewalls, intrusion detection and prevention systems, wireless controllers, configuration and change management platforms and the like, collect data that becomes more valuable if shared. A configuration change management platform could discover a shortcoming in an endpoint and post it to the MAP. An enterprise security management device might then determine that shortcoming violates security policy.

Notification of that violation posted to the MAP could trigger a firewall to block the device from the network.

If it is adopted, IF-MAP could enable gear from multiple vendors to participate in post-connect NAC. From the customer point of view such a development could mean a richer post-connect NAC scheme than a single vendor might offer. Perhaps as importantly, it could enable existing customer gear to participate in the scheme, potentially reducing the overall cost.

This protocol is brand new and no vendors have officially incorporated it in their products, but it’s an option that may materialize soon.

Tim Greene is senior editor at Network World.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comments (2)
Login
Forgot your account info?

Or you can do it today with SophosBy Anonymous on May 6, 2008, 9:45 amOr you can do it today with Sophos.

Reply | Read entire comment

Yes, it is true.By Anonymous on May 7, 2008, 8:04 amYes, it is true. Sophos' product already does that today and has been for some time. They are calling it "post-connect policy assessment". Machines that have deviated...

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed