Towards real interoperable, real trusted network access control: Experiences from implementation and application of trusted network connect

Abstract

Network Access Control (NAC) is the most promising approach to provide protection against sophisticated attacks that first compromise endpoints to subsequently continue their evil work in networks accessible via the compromised endpoint. Trusted Network Connect (TNC) is a NAC approach featuring interoperability and unforgeability due to its openness, broad vendor support and integration of Trusted Computing functions. This paper presents experiences with TNC gained from the development of a TNC implementation, called TNC@ FHH and some analyses on how to adopt TNC in real world scenarios. It comes to the conclusion that interoperability between basic TNC components of different vendors and dev elopers is obviously actually good, unforgeability is well designed but hard to achieve, and the adoption of TNC in real world scenarios is on the one hand desired because of obvious security benefits, but on the other hand today there are several handicaps leading to high complexity and costs. That's why further developments and enhancements concerning TNC and Trusted Computing are required to finally succeed in having a real interoperable and unforgeable NAC solution, being easily adoptable and manageable. © 2009 Vieweg+Teubner | GWV Fachverlage GmbH, Wiesbaden.