Got the NAC
Decrypting RSA Europe

This week, I’m blogging from RSA Europe in London. The conference is dedicated to Alan Turing, the great British cryptographer and early computer scientist. The folks at Bletchley Park teamed with a local hobbyist to bring an Enigma machine and other cryptographic machines to the conference. I had a great time playing with the Enigma.

 

 

Attendance at the show was down a bit from last year, probably due to the poor economy. Still, there was a good crowd for my talk on “NAC 2.0” this morning. I explained how NAC systems are starting to integrate with other network security systems like IDS and DLP. This trend is really starting to accelerate now that IF-MAP has been released, providing a standard way for these integrations to happen.

One more note. The Bletchley Park folks are appealing for donations to help save their historic site, an important part of cryptography and information security. If you’d like to donate, visit their site at http://www.bletchleypark.org.uk or stop by and see the machines for yourself. If you can’t make it to England, go to the U.S. National Cryptologic Museum in Maryland. They have a similarly amazing collection of spy gear, albeit in a less historic setting.

Message Edited by SteveHanna on 11-03-2008 08:47 PM

Juniper Employee
NAC Happenings at RSA

Last week, I was at the RSA Conference in San Francisco, a global gathering for information security folks. This event has already been covered by hundreds of bloggers and journalists so I won’t cover the basics. However, I do think it’s useful to highlight a few NAC-related events.

 

First, I was glad to see that NAC vendors are converging on IF-TNCCS-SOH as a standard client-server protocol. This addresses several concerns that customers have had about NAC: complexity, compatibility, and cost. Now that everyone is agreeing on one client-server NAC protocol, customers won’t have to worry about whether their NAC system is compatible with their PCs, their non-PC devices, and their contractors’ and customers’ devices. Support for the TNC protocols will just be built into the client operating system. This will reduce complexity and therefore cost by eliminating the need to install a special NAC agent on the device. Of course, the nirvana of universal NAC support is not here yet. Macs, older PCs, and many other devices don’t yet come with NAC support built in. But the trajectory is clear. In a few years, NAC support will be as ubiquitous as DHCP is now.

Second, I participated in a panel session with Cisco and Microsoft on NAC. This is the third year we have done this panel at RSA. The first year, there was blood everywhere. The second year was a bit more restrained. And this year, I’m happy to say that everyone agreed on the value of the TNC standards. Even Cisco is on board, now that IETF has picked up the TNC specs. I still don’t agree with Cisco about everything. We had a few tiffs on the panel. But we agree on the need for NAC standards and the fact that the TNC standards are those standards. That’s the essential bit.

Finally, NSA (the U.S. National Security Agency) was demonstrating the High Assurance Platform, a multi-level secure workstation built on the TNC and TPM standards. This is really important. For one thing, it shows how open standards are being used to build super-secure systems out of inexpensive, commercial parts. For another, it will provide a big benefit to U.S. warfighters. Today, they must carry three laptops: one for secret materials, a second for top secret, and a third for unclassified. With HAP, a single laptop with a secure hypervisor (based on VMware) runs separate VMs for the separate classifications. This will literally lighten soldiers’ load, allowing them to be more agile or carry more arms and armor. Commercial road warriors and infosec teams may not carry guns but we are at war with cyber criminals. If TNC and TPM are strong enough for the NSA, they must be strong enough for your organization.
