PORTLAND, Ore., Nov. 17, 2017 – Trusted Computing Group (TCG) today announced the Trusted Network Communications (TNC) Architecture 2.0, which expands the use cases and capabilities of TNC and enables efficient network security solutions that are more resistant to outsider attacks and insider threats.
The TNC architecture enables intelligent policy decisions, dynamic security enforcement, and communication between security systems. These capabilities give administrators visibility into networks and endpoints to determine who and what is on the network and whether devices are compliant and secure. TNC facilitates context-based access control – granting or blocking access based on authentication, device compliance, and user behavior – and security automation, for orchestration of network and security systems.
The new TNC Architecture 2.0 separates endpoint compliance and access control, recognizing that compliance is often a goal of network security in its own right as well as an input to access control decisions. This update also clarifies the usage and application of TNC, explicitly articulating the major capabilities of TNC, describing usage scenarios for TNC, and illustrating how TNC’s functional building blocks can be combined to deliver solutions in these usage scenarios. Other enhancements clarify technical aspects of the TNC framework, improving interoperability for implementers.
The TNC Architecture 2.0 expands the understanding of how TNC specifications relate to each other and apply to common use cases and is compatible with implementations of existing versions of TNC specifications.
Charles Schmidt, The MITRE Corporation, said, “The new TNC Architecture 2.0 specification clearly showcases the power and flexibility of the TNC Architecture. The modular nature of the architecture is more clearly called out, emphasizing that TNC is not a single, monolithic framework but a toolkit that can be the basis of a broad range of cybersecurity solutions.”
TCG also released the new TNC Server Discovery & Validation 1.0 specification. This specification provides a way for endpoints to discover TNC and related servers, and to validate whether those servers are recognized and suitable for interaction; related servers could also include IETF Network Endpoint Assessment (NEA) servers and proprietary servers. This discovery and validation allows the dynamic creation of trusted relationships between endpoints and servers, which simplifies deployment. These additions will enable more flexible and dynamic management of endpoint-server relationships and greater trust in an endpoint security solution, ensuring that endpoints are providing potentially sensitive information only to trusted servers.
TNC has been implemented by many commercial vendors of networking and security equipment and by open source projects to provide interoperable compliance, visibility, and orchestration capabilities. Implementers and deployers of TNC-enabled technology are encouraged to review the updated architecture, as well as explore open-source implementations such as strongSwan. More information is also available in the TNC FAQ.
This is a Security Bloggers Network syndicated blog post authored by TCG Admin. Read the original post at: Trusted Computing Group