- 4chan hell raisers finding fame brings heat?
- The 10 dumbest mistakes network managers make
- NetApp quits bidding war in face of EMC opposition
- CompuServe closes after 30 years
- Google to launch open-source Chrome OS this year
Trusted Computing Group is expanding its area of interest beyond pre-admission NAC to post-connect NAC.
The broadened scope comes in the form of a new protocol called IF-MAP, which stands for interface for meta-data access point. The protocol is intended to be spoken between security devices on networks and a meta-data access point (MAP) that receives and posts the data.
The idea is that security devices such as firewalls, intrusion detection and prevention systems, wireless controllers, configuration and change management platforms and the like, collect data that becomes more valuable if shared. A configuration change management platform could discover a shortcoming in an endpoint and post it to the MAP. An enterprise security management device might then determine that shortcoming violates security policy.
Notification of that violation posted to the MAP could trigger a firewall to block the device from the network.
If it is adopted, IF-MAP could enable gear from multiple vendors to participate in post-connect NAC. From the customer point of view such a development could mean a richer post-connect NAC scheme than a single vendor might offer. Perhaps as importantly, it could enable existing customer gear to participate in the scheme, potentially reducing the overall cost.
This protocol is brand new and no vendors have officially incorporated it in their products, but it’s an option that may materialize soon.
Tim Greene is senior editor at Network World.
Comments (2)
Yes, it is true.By Anonymous on May 7, 2008, 8:04 amYes, it is true. Sophos' product already does that today and has been for some time. They are calling it "post-connect policy assessment". Machines that have deviated...
Reply | Read entire comment
Or you can do it today with SophosBy Anonymous on May 6, 2008, 9:45 amOr you can do it today with Sophos.
Reply | Read entire comment
View all comments