This week, I’m blogging from RSA Europe in London. The conference is dedicated to Alan Turing, the great British cryptographer and early computer scientist. The folks at Bletchley Park teamed with a local hobbyist to bring an Enigma machine and other cryptographic machines to the conference. I had a great time playing with the Enigma.

Attendance at the show was down a bit from last year, probably due to the poor economy. Still, there was a good crowd for my talk on “NAC 2.0″ this morning. I explained how NAC systems are starting to integrate with other network security systems like IDS and DLP. This trend is really starting to accelerate now that IF-MAP has been released, providing a standard way for these integrations to happen.

One more note. The Bletchley Park folks are appealing for donations to help save their historic site, an important part of cryptography and information security. If you’d like to donate, visit their site at http://www.bletchleypark.org.uk or stop by and see the machines for yourself. If you can’t make it to England, go to the U.S. National Cryptologic Museum in Maryland. They have a similarly amazing collection of spy gear albeit in a less historic setting.

Tags: General, NAC Standards, RSA, Appearances, NAC, standards, steve

In Madrid for the ISSE 2008 conference, I found myself losing sleep over the state of our global economy. What a mess! With two free hours, I decided to visit the art museums. A quick cab ride brought me to the Reina Sofia Museum, which houses Guernica. No words or JPEG can do justice to Picasso’s masterpiece. Although the work was inspired by the brutality of war, to me today it spoke to the tragedy and beauty of life.

Our current financial crisis will bring years of pain on a small and large scale. We must do what we can to avoid such tragedies but they will inevitably happen. Still, a small flower grows at the center of the painting. New life and creativity will spring from this tragedy as it always does.

Please treat each other with kindness and patience for the next few months. Be an island of calm. Spread hope not fear. Nothing physical has changed in recent weeks, only a psychological change. Let’s keep it that way and support each other. We will come out of this crisis stronger and wiser than before.

Tags: General, general

The IETF’s NEA Working Group is (among other things) standardizing a set of “PA-TNC attributes” for use during NAC health checks. These standard attributes will  be implemented in many network endpoints (laptops, desktops, printers, etc.) so that a NAC server can query an endpoint and obtain information about its health in a standard way. The tricky part is deciding which attributes are important enough to be in the first standard and which attributes can be left to future standards or vendor extensions.

I bet you have some ideas on this topic. Review the current draft list of attributes (below) and post your comments. I’ll bring them back to the NEA WG. Thanks!

---

A standard set of components are defined and then a standard set of attributes that describe aspects of those components. This avoids the need to define separate attributes for “OS Version”, “AV Version”, etc. Of course, some devices won’t implement all these components and attributes. No Anti-Virus on my printer (yet!).

Components: Operating system, Anti-Virus, Anti-Spyware, Anti-Malware, Host Firewall, Host Intrusion Detection and/or Prevention System, Host VPN

Attributes: Product Information (vendor, name),  Numeric Version, String Version, Operational Status (operational?, problems detected?, last time run), Port Filter List (for Host Firewall), Installed Packages (name, version)

Tags: NAC Standards, NEA, IETF, NAC, standards