Atomic Bob's Stock Forum - The Golden Thread

Forum Home |

Signup |

My Page

Rules |

FAQ |

Donate |

Boards |

Members |

« WAVX DD Home | Email msg. | Reply to msg. | Post new | Board info.

Previous | Home | Next

Re: Microsoft Server 2008

By: awk in WAVX DD | Recommend this post (0)
Fri, 28 Dec 07 9:53 AM
Boardmark this board | WAVX DD Longs Board

Msg. 06642 of 06668
(This msg. is a reply to 06628 by awk)
Jump:

.
"...TNCCS-SOH support, already a part of Window Vista, will be part of Microsoft Windows Server 2008 and will be part of Windows XP Service Pack 3. On the TNC side, Juniper Networks has pledged support for TNCCS-SOH and will be moving aggressively to provide interoperability..."

http://businessdailynews.org/technology/microsoft-nap-tnc-to-go-hand-in-hand/

Microsoft NAP, TNC to Go Hand in Hand?

Tag: Technology — webmaster @ 4:11 am

The network access control (NAC) landscape is about to change on news today that Microsoft NAP and standards organization Trusted Computing Group’s Trusted Network Connect (TNC) are now interoperable.

The market for NAC is a competitive one, with the majority of solutions being compatible with one of three overriding frameworks: Cisco NAC, NAP or TNC. But now that NAP is considered an implementation of TNC, the NAC industry could be going from a three-horse race to a two-horse one between Cisco and TNC.

“The feedback we’re always getting is that NAC is too confusing and why are there three architectures and not just one,” Steve Hanna co-chair of the TNC working group for TCG and a distinguished engineer with Juniper Networks, told internetnews.com.

“Toward that end, this is getting us moving in that direction with a really deep interoperability that’s not some sort of half hearted thing.”

The interoperability involved TNC support for a Microsoft NAP approach called Microsoft Statement of Health Protocol. The IF-TNCCS-SOH (TNC client server - statement of health) protocol will now become the TNC standard. The IF-TNCCS-SOH acts as a transport to help validate that an end point meets the security requirements.

Hanna explained that the TNC client/server protocol is transport-independent and a common way that a network would see it is as 802.1x between the end point and the switch. In terms of the security of the TNCCS-SOH transport, there are significant measures in place to ensure that it isn’t tampered with.

“Transport is not just encrypted; it’s also authenticated and integrity-protected,” Hanna said.

For Microsoft, by providing interoperability with TNC, they are hoping to overcome one of the biggest barriers to adoption for access control.

“We talk with customers about the network access control market, and there is a perceived adoption barrier to not knowing which solution to go with and not knowing whether any particular solution would interoperate with another solution in the long term,” Paul Mayfield, group program manager of Windows Networking at Microsoft, told internetnews.com. “We felt it pretty important to respond.”

TNC, which is supported by dozens of vendors, including Cisco rival Juniper Networks, won’t automatically now become compliant with the http://www.internetnews.com/ent-news/article.php/3657546 that are compliant with Microsoft NAP.

And Mayfield noted that not all Microsoft NAP vendors will be immediately TNC-compliant, though some will be. Mayfield noted the devil is in the details.

TNC’s Hanna was a bit less optimistic.

“What we’re doing here is not waving a magic wand and all the products that were previously shipped are now magically compatible. We can’t do that,” Hanna said. “What needs to happen in order to make this compatibility real is that vendors need to develop and ship products that ship this new protocol.”

TNCCS-SOH support, already a part of Window Vista, will be part of Microsoft Windows Server 2008 and will be part of Windows XP Service Pack 3. On the TNC side, Juniper Networks has pledged support for TNCCS-SOH and will be moving aggressively to provide interoperability.

So where does the new NAP/TNC interoperability leave Cisco NAC? It’s not quite as isolated as you’d think. In 2004 Cisco and Microsoft http://www.internetnews.com/security/article.php/3422961 to provide a degree of interoperability between NAC and NAP.

Microsoft’s Mayfield explained that the new TNC interoperability will not impact Microsoft’s relationship with Cisco.

“Our policy server can interoperate with Cisco clients, but that is through the agreement we had between our two companies as opposed to this standards announcement with TNC,” Mayfield said. “We’ll continue to work with Cisco and to work in standards efforts, but this announcement doesn’t change the interoperability between Microsoft and Cisco.”

Cisco isn’t exactly chomping at the bit to join up with TNC, though. Juniper’s Hanna said that the TCG has always welcomed Cisco to participate within TNC, but so far the company has declined.

The interoperability efforts between Juniper and Cisco are confined to a a group within the Internet Engineering Task Force (IETF), which is in the very early stages of discussing access control. The interoperability between TNC and NAP may, however, have an impact on Cisco’s larger standards effort.

“My perspective is it will just help to will help to further that effort,” Hanna said. “What we’re doing here is improving interoperability, and that is just going to make it easier and more likely for us to achieve agreement in IETF.”

» You can also:

Ignore/Hide this poster on all boards (Requires login)
Membermark this member (Requires login)
Email this message to a friend

- - - - -
The above is a reply to the following message:

Microsoft Server 2008
By: awk in WAVX DD
Fri, 07 Dec 07 6:56 AM

Msg. 06628 of 06668

Microsoft announces interoperability with Trusted Computing Group

By Jeremy Reimer
May 21, 2007 - 04:13PM CT

http://tinyurl.com/2c67kj

Microsoft has announced a new agreement with the Trusted Computing Group (TCG) that will allow interoperability between TCG's Trusted Network Connect (TNC) architecture and Microsoft's Network Access Protection (NAP), a deal considered to be a victory by TLA (Three Letter Acronym) fans everywhere.

TCG is the group that was created by AMD, Hewlett-Packard, IBM, Infineon, Intel, Microsoft, and Sun Microsystems, and its original mission in life was to implement the trusted platform module (TPM) that has found its way into new CPUs and motherboards from Intel and AMD. Microsoft has been adding optional features to its operating systems, such as the BitLocker feature in Windows Vista and new security tools in Windows Server 2008, and Apple has made use of the TPM chip to restrict OS X to Apple-approved computers.

The Trusted Network Connect architecture is designed to ensure that networks maintain "endpoint integrity" no matter what devices are connected to them. Microsoft's announcement of integration between TCG and TNC will make it easier for organizations who are highly concerned about network security to design their infrastructure.

============================================================================

Wave to Demonstrate Endpoint Integrity Software Integrated with Microsoft Network Access Protection

http://www.wave.com/news/press_archive/07/070521_INTEROP.html

Demonstrations at Interop show how Wave Software uses Trusted Platform Module-based IPSec with Network Access Protection and Reports on the Integrity of the Network Access Protection Components
Lee, MA and Las Vegas (Interop Las Vegas Booth #154 – May 14, 2007 – Wave Systems Corp. (NASDAQ: WAVX; www.wave.com) will demonstrate how its EMBASSY® software integrates seamlessly with Microsoft’s Network Access Protection to offer hardware-based security designed to prevent “lying endpoint” attacks aimed at spoofing PC health.

Network access control systems involve enforcing security policy and restricting prohibited platform configurations on the network; identifying and containing platforms that are noncompliant with policy; and stopping malware and rootkits before they touch the network. Security researchers have recently discovered vulnerabilities when network access control systems aren’t protected by hardware, leaving many enterprises vulnerable to attack.

One way to mitigate the problem of “lying endpoints” is to add a layer of hardware and software protection. Wave’s EMBASSY software leverages industry standard hardware security chips called Trusted Platform Modules (TPMs), now shipping on most business-class laptops and PCs today. The EMBASSY client and server applications capture, report and validate platform integrity, along with validating the integrity of the network access control system.

“Bringing the benefits of TPM integration together with Network Access Protection will help enterprise customers by enhancing the reliability of system health checks for network endpoints,” said Mike Schutz, Director of Product Management - Security and Access, Microsoft Corp. “Microsoft is pleased to be working with Wave Systems to help our customers’ infrastructure be more secure.”

============================================================================

Tighter security in Server 2008

By Paul Ferrill, Special to GCN

http://www.gcn.com/online/vol1_no1/45401-1.html

Microsoft tackles high-performance computing
Microsoft Corp. unveiled a significantly more secure server operating system in showcasing its new Windows Server 2008 last week at the Microsoft Windows Server Technical Summit held in Redmond, Wash.

Microsoft’s approach to security in Server 2008 expands on the defense-in-depth approach hinted at in the company’s release of Windows Vista. At the core of the OS, this translates into hardening of Windows Services, reducing the size of high-risk attack surfaces while increasing the number of layers a threat would have to penetrate to inflict damage. As you go up the stack, it includes components such as Bitlocker encryption for protecting sensitive information on the server.

Server 2008 has taken the lead from Vista in turning off features directly affecting the security posture of the system in the default configuration. By default, the Windows Firewall is now enabled. And the Server 2008 firewall has been improved to include new intelligent rules to make it easier to specify settings such as authentication and encryption levels.

Network Access Protection (NAP) is probably the single biggest security-related feature for Server 2008. It’s essentially the same as Cisco’s Network Access Control (NAC) in that it allows you to decide which client machines get access to your network based on a set of predetermined conditions. When any client machine attempts to authenticate to the network, it must first pass a minimum check for software updates, antivirus and any other security-related policy deemed essential. If those conditions aren’t met, the machine will be given access to only a remediation server where, in many cases, the offending issues can be taken care of automatically. The NAP client agent is embedded into Windows Vista, although it must be turned on, and will be a part of Windows XP SP3.

Internet Information Server 7 (IIS7), which ships with Windows Server 2008, also includes a number of improvements on the security front. A new configuration file and management tool makes it easy to add or remove functions. Limiting functions means reducing the overall attack surface and the level of effort required to maintain a strong security posture. Managing an IIS web server previously required administrator privileges. IIS7 introduces delegated role-based management over H TTPS.

Remote management has been significantly enhanced through both the Microsoft Management Console and a new secure Windows Remote Shell. WS-Management support is available as well as WMI, giving IT administrators more options for managing remote systems through scripts. Neither of these functions is enabled by default. They must be explicitly turned on for security reasons.

Other enhancements include read-only domain controllers for enhanced remote-office applications, rights management services for protecting documents, data and e-mail from unauthorized access and enhanced authentication through Active Directory Federated Services.

============================================================================

Microsoft launches Windows Server 2008 RC1

Colin Barker ZDNet.co.uk
06 Dec 2007 12:32 GMT

http://news.zdnet.co.uk/software/0,1000000121,39291330,00.htm

As Microsoft starts the final countdown to what it is billing as the "biggest launch wave in the company's history", it has announced that customers can now download Windows Server 2008 Release Candidate 1.

The announcement came on Wednesday as the company confirmed 27 February as the launch date for Windows Server 2008. Microsoft also said it would be launching SQL Server 2008 and Visual Studio 2008 at the 27 February event, which will be held in Los Angeles.

Despite its name, Release Candidate 1 (RC1) is actually Microsoft's second Windows Server 2008 release candidate. In September, the company shifted from its usual practice in numbering its release candidates, with the first release candidate numbered '0', rather than '1'. At the time Microsoft said that RC0 was "feature-complete but not far enough along in the development process to be called RC1".

Microsoft said it was committing $150m (£73m) of funding to woo IT professionals and developers and said it was developing additional partner programmes in preparation for the launch.

The software giant's launch event will be branded "Heroes happen here". It claims the launch will be "focused on celebrating the incredible work that IT professionals and developers do to deliver heroic results to their organisations, colleagues and customers".

According to Andy Lees, corporate vice president of the Server and Tools Marketing and Solutions Group at Microsoft, it will be "the largest enterprise launch in our history, and both Microsoft and many of our industry partners are making a significant investment in a worldwide rollout".

« WAVX DD Home | Email msg. | Reply to msg. | Post new | Board info.

Previous | Home | Next