Q&A on ESUKOM with Jens Lucius, QA Manager and Trainer at NCP engineering, Part 3

Today, we round out our conversation with Jens Lucius, QA manager and trainer at NCP engineering, on the ESUKOM project, an initiative that aims to develop a real-time security solution for enterprise networks based upon the correlation of metadata. As a core member of the project, NCP has also compiled a technical paper on it.

Q: NCP is also involved in the VOGUE project, which aims to develop an integrated security platform allowing mobile devices to access different IT systems securely. Can you provide any updates on this?

Jens: The VOGUE project has already reached its official end date, but the results are still very exciting for current development in the market. The goal of VOGUE was to create a mobile system (in this case, an Android phone) with a reliable system configuration that cannot be easily changed. A serious problem introduced by smartphones connecting to company infrastructure is that an administrator does not know what components are running on that system and if the system is still in good health. VOGUE uses another TCG technology (the TPM) to “measure” the system state, transfer that to an enforcement system (via TNC protocol) and only allow VPN access if that state is correct.

While in ESUKOM we try to secure the network on the central side, VOGUE aims at securing the mobile endpoint. At the time of the VOGUE project, there was no mobile phone with an integrated TPM, but now Windows 8 tablets are soon to be released including a TPM to secure the mobile platform, so the results are still valid for upcoming technology. A demonstrator for the project result is hosted by the Fraunhofer SIT, a leading...

Automated Mobile Security, Part 3

The following is the third post in a series of excerpts from NCP engineering's technical white paper, Automated Mobile Security: Leveraging Trusted Network Connect (TNC) IF-MAP to provide automated security for company networks and mobile devices. Part one of the series can be found here; part two of the series can be found here.

WHAT IS ESUKOM?

The ESUKOM research project aims at leveraging IF-MAP to provide security in mobile device environments. The project will bring IF-MAP support to several key open source products like Snort (intrusion detection), iptables (firewall), Nagios, FreeRADIUS and ISC DHCP server, as well as to the products of two commercial vendors, NCP engineering (VPN software) and Mikado Soft (NAC solution), and will provide an IF-MAP Android client. With this diversity of IF-MAP enabled components, we try to provide example configurations for eight key features, which are the ultimate goal of this research project. More information about this project can be found at http://www.esukom.de

Now that ESUKOM has been explained, stay tuned for the next post that will explain Realtime Enforcement Using IF-MAP. Also, for more information on the ESUKOM research project and NCP engineering’s role within it, see our three-part Q&A on the topic...

Automated Mobile Security, Part 2

The following is the second post in a series of excerpts from NCP engineering's technical white paper, Automated Mobile Security: Leveraging Trusted Network Connect (TNC) IF-MAP to provide automated security for company networks and mobile devices. Part one of the series can be found here.

WHAT IS IF-MAP?

IF-MAP stands for InterFace for Metadata Access Points. You can think of IF-MAP as a central database for your IT systems, in which they can store information and from which they can retrieve it, to get a real-time representation of the status of your network. An IF-MAP enabled component can perform three basic functions:

► Publish: Clients can store information for other clients to see
► Search: Clients can search for published data using search patterns
► Subscribe: Clients can receive notification when other clients publish new data

To store information in the MAP there are two different data types available: identifiers and metadata. Identifiers act as the “root hub” for information stored in the IF-MAP. There are only 5 identifiers available: Identity, IP address, MAC address, Access Request and Device. The other type of data is metadata, which has to be linked to at least one identifier but can also connect two identifiers.

Each client has to authenticate itself securely to the MAP server, either with username and password or with certificate-based authentication. All data is transmitted safely with SSL encryption.

Now that IF-MAP has been explained, stay tuned for the next post that dives into ESUKOM in more detail. Also, for more information on the ESUKOM research project and NCP engineering’s role within it, see our three-part Q&A on the topic...
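The publish, search and subscribe operations and the identifier/metadata model described in the IF-MAP excerpt above can be sketched as a small in-memory model. This is an added example, not code from the white paper or from any ESUKOM component; the `MapServer` class, the `type:value` identifier notation and the `max_depth` parameter are assumptions made for illustration, and client authentication and transport encryption are left out.

```python
from collections import defaultdict

# The five identifier types listed in the text; the "type:value" form is assumed.
IDENTIFIER_TYPES = {"identity", "ip-address", "mac-address", "access-request", "device"}


class MapServer:
    """Simplified in-memory model of a MAP server (hypothetical, no wire protocol)."""

    def __init__(self):
        self.links = defaultdict(list)        # identifier -> [(metadata, other end or None)]
        self.subscribers = defaultdict(list)  # identifier -> [callback]

    @staticmethod
    def _check(ident):
        kind, _, value = ident.partition(":")
        if kind not in IDENTIFIER_TYPES or not value:
            raise ValueError(f"not a valid identifier: {ident!r}")

    def publish(self, metadata, ident, other=None):
        """Attach metadata to one identifier, or to the link between two."""
        self._check(ident)
        if other is not None:
            self._check(other)
            self.links[other].append((metadata, ident))
        self.links[ident].append((metadata, other))
        for end in filter(None, (ident, other)):
            for notify in self.subscribers[end]:
                notify(end, metadata)

    def subscribe(self, ident, callback):
        self._check(ident)
        self.subscribers[ident].append(callback)

    def search(self, start, max_depth=2):
        """Collect metadata reachable from start by following at most max_depth links."""
        self._check(start)
        seen, found, frontier = {start}, [], [(start, 0)]
        while frontier:
            node, depth = frontier.pop(0)
            for metadata, other in self.links[node]:
                if other is not None and other not in seen and depth >= max_depth:
                    continue  # this link lies beyond the search depth
                if metadata not in found:
                    found.append(metadata)
                if other is not None and other not in seen:
                    seen.add(other)
                    frontier.append((other, depth + 1))
        return found
```

A component that subscribes on an IP address identifier is notified as soon as another component publishes metadata on it, and a search starting from an access request can reach that metadata through the link between the two identifiers.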