ArcSight、Aruba、Infoblox、Lumeta Networks以及Juniper已經(jīng)展示了一種鏈接公共安全性數(shù)據(jù)庫的新協(xié)議。該個被稱為IF-MAP的協(xié)議構成了Trusted Computing Group(TCG)剛剛出版的網(wǎng)絡接入控制2.0標準的核心,TCG是一家解決安全性問題的廣泛且松散的組織。

新的協(xié)議針對常見的共享數(shù)據(jù)庫定義了一種標準的接口,從而掌握誰在網(wǎng)絡上以及每一個節(jié)點在干什么。其目標就是針對日益增加的自動客戶系統(tǒng)——包括RFID系統(tǒng)——的數(shù)量,減輕為企業(yè)網(wǎng)提供一體化安全性解決方案時面臨的挑戰(zhàn)。它是通過對2005年首次被采用的原始NAC標準進行升級而得到的。

“NAC 1.0是控制誰在網(wǎng)絡上的關鍵,但是,問題在于有許多新類型的節(jié)點,如庫存控制設備以及機器人,并且它們均具有IP地址,這樣用戶需要控制它們,”擔任Trusted Network Connect委員會聯(lián)執(zhí)主席的Juniper Networks的Steve Hanna就是開發(fā)該協(xié)議的一位著名工程師。

IF-MAP是元數(shù)據(jù)接入點接口(Interface to Metadata Access Point)的縮寫,官方出版于4月28日。各公司在上周與拉斯維加斯舉行的Interop上首次展示該技術。

供應商可以免費實現(xiàn)安全性數(shù)據(jù)庫,因為他們認為這是合適的,只要它們支持通用接入?yún)f(xié)議。新的接口不需要任何硬件的改變。

“那就是為什么我們能夠讓如此多公司在短時間內利用它創(chuàng)建演示方案的原因,”Hanna表示。

TCG正在攜手互聯(lián)網(wǎng)工程任務組協(xié)調它們目前針對安全的網(wǎng)絡接入所進行的各自標準的研究。

翻頁查看英文原文:

Net vendors demo improved security protocol

A handful of vendors have demonstrated a technique to help companies more easily secure a rising number of Internet Protocol devices accessing their private business networks.

ArcSight, Aruba, Infoblox, Lumeta Networks and Juniper have demonstrated a new protocol to link to a common security database. The protocol, called IF-MAP, is at the core of the Network Access Control 2.0 standard just published by the Trusted Computing Group, a broad ad hoc security organization devoted to security.

The new protocol defines a standard interface to a common shared database of who is on a network and what each node is doing. It aims to ease the job of providing integrated security for corporate nets in the face of a rising number of automated clients including RFID systems. It is an upgrade of the initial NAC standard first adopted in 2005.

"NAC 1.0 is key in controlling who gets on the network, but the problem is there are many new kinds of nodes like inventory control devices and robots, and they all have an IP address and so users need to control them," said Steve Hanna a distinguished engineer at Juniper Networks who co-chairs the Trusted Network Connect committee that developed the protocol.

IF-MAP, which stands for Interface to Metadata Access Point, was officially published April 28. Companies first demonstrated the technology at Interop in Las Vegas last week.

Vendors are free to implement the security database as they see fit as long as they support the common access protocol. The new interface does not require any changes in hardware.

"That's how we were able to get so many companies to create a demo using it in a short amount of time," said Hanna

The Trusted Computer Group is working with the Internet Engineering Task Force to harmonize their currently separate standards for secure network access.