Trusted Network Connect Explained

Trusted Network Connect (TNC) is an open architecture for Network Access Control, promulgated by the Trusted Network Connect Work Group (TNC-WG) of the Trusted Computing Group (TCG).^{[1] [2] [3]}

History

The TNC architecture was first introduced at the RSA Conference in 2005.^[4] TNC was originally a network access control standard with a goal of multi-vendor endpoint policy enforcement.^[5]

In 2009 TCG announced expanded specifications which extended the specifications to systems outside of the enterprise network.^[6] Additional uses for TNC which have been reported include Industrial Control System (ICS), SCADA security,^{[7] [8]} and physical security.^[9]

Specifications

Specifications introduced by the TNC Work Group:^[10]

• TNC Architecture for Interoperability
• IF-IMC - Integrity Measurement Collector Interface
• IF-IMV - Integrity Measurement Verifier Interface^[11]
• IF-TNCCS - Trusted Network Connect Client-Server Interface^[12]
• IF-M - Vendor-Specific IMC/IMV Messages Interface
• IF-T - Network Authorization Transport Interface^[13]
• IF-PEP - Policy Enforcement Point Interface^[14]
• IF-MAP - Metadata Access Point Interface
• CESP - Clientless Endpoint Support Profile
• Federated TNC

TNC Vendor Adoption

A partial list of vendors who have adopted TNC Standards:^[15]

• ArcSight
• Aruba Networks
• Avenda Systems
• Enterasys
  • Extreme Networks Fujitsu
• IBM
• Pulse Secure

• Juniper Networks
• Lumeta
• McAfee
• Microsoft
• Nortel
• ProCurve
• strongSwan
• Wave Systems

Also, networking by

• Cisco
• HP
• Symantec
• Trapeze Networks
• Tofino

TNC Customer Adoption

The U.S. Army has planned to use this technology to enhance the security of its computer networks.^[16]

The South Carolina Department of Probation, Parole, and Pardon Services has tested a TNC-SCAP integration combination in a pilot program.^[17]

See also

• IF-MAP
• Trusted Computing
• Trusted Computing Group
• Trusted Internet Connection

Sources

• Dornan, Andy. “'Trusted Network Connect' Puts Hardware Security Agent In Every PC”, “Information Week Magazine”, UBM Techweb Publishing.
• Vijayan, Jaikumar. “Vendor Group Adds Net Access Specs”, “Computer World Magazine”, IDG Publishing.
• Higgins, Kelly Jackson. “Trusted Computing Group Widens Security Specs Beyond Enterprise Networks”, “Dark Reading”, UBM Techweb Publishing.
• Townsend, Mark. “Naked endpoints on your net, and what to do about them”, “SC Magazine”, Haymarket Media.
• Fang, Juan and Zeng, Hongli. “The Model of Trusted Network Connect Based on Credibility of the Hierarchy”, nswctc, vol. 2, pp. 454–457, 2010 Second International Conference on Networks Security, Wireless Communications and Trusted Computing, 2010.
• Howard, Scott (2010-06)(“Securing SCADA and Control Networks”, “urunkoruma.com”.

External links

• Trusted Network Connect
• Specifications
• TNC SDK

Notes and References

1. Web site: "Using Trusted Network Connect for NAC — FedTech Magazine" — FedTech Magazine . 2010-10-14 . dead . https://web.archive.org/web/20110710233657/http://fedtechmagazine.com/article.asp?item_id=619 . 2011-07-10 .
2. Web site: Wireless Infrastructure Advice, Discussion, Community . Network Computing . 2017-05-03.
3. Web site: Archived copy . 2010-10-20 . dead . https://web.archive.org/web/20110713050539/http://www.interop.com/archive/pdfs/2007-04WhatisTCGTNC.pdf . 2011-07-13 .
4. Web site: 'Trusted Network Connect' Puts Hardware Security Agent in Every PC - - - Informationweek . www.informationweek.com . 3 February 2022 . https://archive.today/20120904004418/http://www.informationweek.com/news/hardware/desktop/showArticle.jhtml?articleID=180201733 . 4 September 2012 . dead.
5. Web site: Vijayan . Jaikumar . Vendor Group Adds Net Access Specs . Computerworld . 2005-05-09 . 2017-05-03.
6. Web site: Trusted Computing Group Widens Security Specs Beyond Enterprise Networks . Darkreading.com . 18 May 2009. 2017-05-03.
7. Web site: Not your Father's Control System | Tofino Industrial Security Solution . Tofinosecurity.com . 2017-05-03.
8. Web site: Securing SCADA and Control Networks . 2010-09-13 . dead . https://web.archive.org/web/20110728101509/http://www.automation.com/content/securing-scada-and-control-networks . 2011-07-28 .
9. Web site: Hirsch Demonstrates Industry's First Standards-Based Network / Physical Access Control Enforcement Solution . 2010-10-14 . dead . https://web.archive.org/web/20091230012003/http://www.hirschelectronics.com/Hirsch-PR--PhysSec-NAC_interoperability_demo.asp . 2009-12-30 .
10. Web site: Trusted Computing Group Continues to Extend TNC Specifications | Current Analysis . 2010-09-15 . dead . https://web.archive.org/web/20100109114422/http://www.currentanalysis.com/h/2009/TrustedComputingGroup-TNC.asp . 2010-01-09 .
11. Web site: Archived copy . 2010-10-14 . dead . https://web.archive.org/web/20110103124034/http://www.opus1.com/nac/tnc/TNC_IFIMV_v1_2_r8.pdf . 2011-01-03 .
12. Web site: TCG Trusted Network Connect : TNC IF-TNCCS: Protocol Bindings for SoH . Opus1.com . 2017-05-03.
13. Web site: Archived copy . 2010-10-14 . dead . https://web.archive.org/web/20110928031429/http://www.trustedcomputinggroup.org/files/resource_files/51F0757E-1D09-3519-AD63B6FD099658A6/TNC_IFT_TLS_v1_0_r16.pdf . 2011-09-28 .
14. Web site: Archived copy . 2010-10-14 . dead . https://web.archive.org/web/20110930155120/http://www.opus1.com/nac/tnc/tnc_if-pep_v1_1_rev_0_7.pdf . 2011-09-30 .
15. http://scap.nist.gov/events/2010/itsac/presentations/day2/Network_Automation-TNC.pdf#page=18
16. Web site: Archived copy . 2006-08-05 . dead . https://web.archive.org/web/20061003160426/https://www.trustedcomputinggroup.org/news/press/member_releases/2006/General_Dynamics_Release.pdf . 2006-10-03 .
17. Web site: Jackson . William . Speed of cybersecurity rises with combination of Trusted Network Connect and Security Content Automation Protocols . Fcw.com . 2010-09-28 . 2017-05-03.