The organization, backed by a set of well-known network gear, firewall and anti-virus companies, used the Networld + Interop show in Las Vegas yesterday to announce the Trusted Network Connect working group.

Extreme Networks, Foundry Networks, Funk Software, InfoExpress, iPass, Juniper, Meetinghouse, McAfee, Sygate, Symantec, Trend Micro and Zone Labs have all joined TCG to help work on the specs. HP, Intel and VeriSign will also participate.

Andrew Harding, a director of marketing at Juniper, said TCG will develop specs looking at the three parts of the endpoint compliance problem – the client, the policy engine and the enforcement point. It will also develop a protocol to tie them together.

Cisco, which is a notable absence from the TCG effort, launched its own Network Admission Control program last November, and signed on McAfee, Trend and Symantec – the three big antivirus software vendors – as its launch partners.

Cisco’s specs, Harding said, are designed for Cisco networks. Harding characterized the TCG initiative as the open systems alternative to the Cisco initiative. Juniper recently boosted its security presence by buying NetScreen.

The idea behind network connect security specs like these is to help networks decide how much access to give a device based not just on who the user is, but also on how secure their device is at the time they try to connect.

For example, remote workers may get better access privileges if they are at home or on a company laptop than if they were on a shared PC in a cybercafe. Access could also depend on whether up-to-date antivirus and personal firewall software is running.

TCG will look at the client-side APIs that would be used to determine this profile, as well as the method for communicating that information to a policy decision-making server and the enforcement device, which could be a VPN gateway or a switch.

Cisco’s NAC program, for example, includes the Cisco Trust Agent, endpoint software that collates security data such as virus signature level and patch level and provides it to a Cisco back-end, which ultimately makes the access decision.

While TCG has no deliverables as yet, some of the functions envisaged are already available due to partnerships between SSL VPN vendors like Juniper and endpoint security software vendors such as Zone Labs.