TNC@FHH in a Nutshell

From TNC@FHH


What is TNC?

The Trusted Network Connect (TNC) architecture, specified by the Trusted Computing Group (TCG), is a Network Access Control (NAC) approach that aims to significantly increase the security level of today's networks.

Basically, TNC allows you to decide whether an endpoint gets access to your network or not, based on the endpoint's current integrity state. That is, the owner of the network specifies a security policy that every endpoint has to fulfil as a precondition before network access is granted; the endpoint's integrity is checked against this policy. E.g., an enterprise could enforce that any endpoint that wishes to connect to the corporate network has anti-virus software running whose virus signatures are up to date.

If this check fails, the endpoint is considered to be in an unhealthy state and one of the following access restrictions can be enforced:

  1. The access to the network can simply be denied.
  2. The endpoint can be isolated in a specific section of the network. From there, services should be available that the endpoint can use to remediate itself. Afterwards, another integrity check is performed, which should now be successful. This process is called Remediation.

The access decision is enforced at the network's edge, e.g. by a switch or by a VPN gateway. TNC builds on existing technologies like 802.1X for LANs, which facilitates its deployment. For further information visit https://www.trustedcomputinggroup.org/specs/TNC/.
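The policy check, the three possible outcomes and the remediation loop described above, as an added example that is not TNC@FHH's own code. It follows the TNC layering in miniature: a report of the kind an IMC on the endpoint would collect, an IMV-style evaluation against the network owner's policy, and an enforcement step at the edge. The measurement fields, the policy values (signatures at most 3 days old), the rule that a missing scanner is denied outright while stale signatures are only isolated, and the VLAN numbers are all assumptions made for the illustration.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Measurements an IMC on the endpoint would collect and send to the IMV.
// Constructed sample fields; a real IMC/IMV pair defines its own attributes.
struct IntegrityReport {
    bool avRunning;           // is an anti-virus scanner running?
    int  signatureAgeDays;    // days since its signature database was last updated
};

// The network owner's policy; the IMV checks every report against it (values assumed).
struct IntegrityPolicy {
    bool requireAv           = true;
    int  maxSignatureAgeDays = 3;
};

// Recommendation an IMV hands to the TNC server for one endpoint.
enum class Recommendation { Allow, Isolate, NoAccess };

struct Verdict {
    Recommendation recommendation;
    std::vector<std::string> violations;  // why the endpoint failed; useful as remediation hints
};

// IMV side: compare the report with the policy.
// Stale signatures can be fixed from the remediation network -> Isolate.
// No scanner at all cannot be fixed there (assumption of this example) -> NoAccess.
Verdict evaluate(const IntegrityReport& r, const IntegrityPolicy& p) {
    Verdict v{Recommendation::Allow, {}};
    if (p.requireAv && !r.avRunning) {
        v.violations.push_back("anti-virus not running");
        v.recommendation = Recommendation::NoAccess;
        return v;
    }
    if (r.signatureAgeDays > p.maxSignatureAgeDays) {
        v.violations.push_back("virus signatures older than " +
                               std::to_string(p.maxSignatureAgeDays) + " days");
        v.recommendation = Recommendation::Isolate;
    }
    return v;
}

// Enforcement point at the edge (e.g. an 802.1X switch): turn the recommendation
// into a port state. The VLAN numbers are assumptions for the example.
struct PortDecision {
    bool authorized;
    int  vlan;   // 0 when the port stays unauthorized
};

PortDecision enforce(Recommendation rec) {
    const int productionVlan  = 10;
    const int remediationVlan = 99;
    switch (rec) {
        case Recommendation::Allow:   return {true, productionVlan};
        case Recommendation::Isolate: return {true, remediationVlan};
        default:                      return {false, 0};
    }
}

// Remediation: inside the isolated segment the endpoint updates its signatures
// and is measured again.
IntegrityReport remediateSignatures(IntegrityReport r) {
    r.signatureAgeDays = 0;
    return r;
}

// Full cycle: measure -> evaluate -> enforce -> (if isolated) remediate and re-check.
// Returns the final recommendation after at most one remediation round.
Recommendation connectWithRemediation(IntegrityReport r, const IntegrityPolicy& p) {
    Verdict first = evaluate(r, p);
    if (first.recommendation != Recommendation::Isolate) return first.recommendation;
    // endpoint sits in the remediation VLAN; after it updated, the check runs again
    return evaluate(remediateSignatures(r), p).recommendation;
}

int main() {
    IntegrityPolicy policy;
    IntegrityReport stale{true, 10};  // constructed sample: scanner running, signatures 10 days old
    Verdict v = evaluate(stale, policy);
    PortDecision d = enforce(v.recommendation);
    std::printf("isolated=%d vlan=%d reason=%s\n",
                v.recommendation == Recommendation::Isolate, d.vlan, v.violations[0].c_str());
    std::printf("allowed after remediation=%d\n",
                connectWithRemediation(stale, policy) == Recommendation::Allow);
    return 0;
}
```

The point of keeping `evaluate` and `enforce` separate is the one the architecture makes: the integrity verdict is a policy question answered by the IMV, while what "isolate" means on the wire (a remediation VLAN, a VPN filter set) is the edge device's business.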

The TNC@FHH project

TNC@FHH is an open-source implementation of the TNC architecture. It implements all core TNC components/layers and the main interfaces between them. Its first release was the result of two completed master's theses at the University of Applied Sciences and Arts in Hanover. Among other things, TNC@FHH features:

  • TNC Server running as an extension of FreeRADIUS
  • several IMC/IMV pairs
  • basic policy management
  • verified interoperability with other TNC implementations (xsupplicant, wpa_supplicant, libtnc)
  • implemented in C++
  • completely open source

In recent months, several aspects of the implementation have changed:

  • The TNC@FHH client is no longer supported. Instead, wpa_supplicant and Xsupplicant are used as TNC clients.
  • The TNC@FHH server has been completely redesigned.
  • Our EAP-TNC method is now an integrated part of FreeRADIUS.

For further information feel free to contact the TNC@FHH team via mailto:tnc@inform.fh-hannover.de.
