http://nacblog.juniper.net Steve Hanna's Weblog Wed, 14 May 2008 22:11:21 +0000 http://backend.userland.com/rss092 en Tawnee Kendall and I sat down and recorded this video on Interop 2008. Check it out! http://nacblog.juniper.net/2008/05/14/new-video-podcast-posted/ The TCG announced a new specification today: IF-MAP. Why should you care? Because this new standard really changes the world of network security. In the past, security systems were largely silos. Your IDS didn't talk to your firewalls or your VPN or your identity management system or your endpoint security. If ... http://nacblog.juniper.net/2008/04/28/if-map-integrating-all-network-security/ Last week, I was at the RSA Conference in San Francisco, a global gathering for information security folks. This event has already been covered by hundreds of bloggers and journalists so I won't cover the basics. However, I do think it's useful to highlight a few NAC-related events. First, I was ... http://nacblog.juniper.net/2008/04/17/nac-happenings-at-rsa/ In a comment on my last post, Grant Hartline wrote: I’m happy to see the movement towards unification of standards and appreciate all of the effort you’ve put into NAC standards adoption, both within the TCG and the IETF. However, one TNC standard that is conspicuous in its absence is IF-PEP. ... http://nacblog.juniper.net/2008/04/09/what-about-if-pep/ I'm happy to say that the IETF NEA Working Group has decided to adopt several of the latest TNC standards as Working Group drafts! Let me answer some frequently asked questions about the process and the drafts. If you have more questions, please post them and I will try to ... http://nacblog.juniper.net/2008/04/02/ietf-picks-up-tnc-standards/ I'm sure you've been perched on the edge of your seat, waiting to see what would happen in the next episode of the riveting drama of NAC standards. In our last episode, the IETF NEA Working Group had issued a call for client-server NAC protocols to be considered for standardization. ... http://nacblog.juniper.net/2008/02/19/proposals-for-nea-standards/ The TNC specs are good but some people prefer a more formal approach to standards. For example, Cisco has said that they prefer to work on NAC standards in the Internet Engineering Task Force (IETF). Getting Cisco and others to agree on NAC standards is important, so the IETF has ... http://nacblog.juniper.net/2008/02/06/ietf-nea/ The first stop on our guided tour of NAC standards is Trusted Network Connect (TNC). TNC is a complete set of standards for NAC, covering each step in the NAC process, from assessment to evaluation and enforcement. Like all good standards, TNC is completely vendor-neutral and open for anyone to ... http://nacblog.juniper.net/2008/01/09/trusted-network-connect-tnc/ NAC is inherently a multi-vendor problem. Assessment needs to work with all the different endpoints connected to your network:PCs, Macs, printers, phones, security cameras, etc. Evaluation needs to know what's normal for each of those kinds of endpoints. And enforcement needs to work with whatever enforcement mechanism you want to ... http://nacblog.juniper.net/2007/12/18/nac-standards/ As with assessment and evaluation, there are many options for NAC enforcement. In fact, this may be the most diverse area for NAC options! These options fall into four categories, based on where they are in the network. We'll start at the edge of the network and move in. Endpoint - ... http://nacblog.juniper.net/2007/12/05/enforcement-options/