NAC's Evangelist Works Both Sides Of Standards Debate

As co-chair of two key network security groups, Steve Hanna has a lot of sway over NAC's future.

Mike Fratto, Former Network Computing Editor

December 14, 2007


Network access control, an approach to network security that focuses on endpoint security, has largely been bogged down in competing frameworks, hype, and general confusion about what exactly NAC is.

But NAC's future is clear to Steve Hanna, distinguished engineer at Juniper Networks. He believes a universally agreed-upon standard is critical to moving NAC forward, and he might have the influence to make it happen. Hanna co-chairs Trusted Computing Group's Trusted Network Connect and IETF's Network Endpoint Assessment groups--both key to NAC's development.

His work at Trusted Network Connect has focused on the standardization process and evangelizing the value of TNC standards. It's no secret that Cisco Systems hasn't joined the Trusted Computing Group, and that a network-based protocol suite that doesn't involve the market's dominant switch maker is untenable. IETF's NEA group was formed to loop Cisco and other companies not in the TCG into the standardization process. As a leader in both groups, Hanna counts achieving parity between them among his primary goals.

What really gets Hanna excited isn't committee meetings; it's upcoming NAC features that integrate more network-based services such as intrusion detection, security event management, and technologies that can aid in making intelligent decisions about the actions and health of an endpoint.

Q&A With Steve Hanna

InformationWeek: How will you work out differences between the standards developed by the Trusted Computing Group's Trusted Network Connect and the Internet Engineering Task Force's Network Endpoint Assessment working group?

Hanna: All of the NAC architectures and protocols are really quite similar. I don't think it will be too hard to bridge this gap.

InformationWeek: Instead of creating an IETF working group just to include Cisco, why not just face off and wait for someone to blink?

Hanna: TCG is committed to achieving universal NAC interoperability based on open standards. Playing games with Cisco wouldn't benefit anyone, especially customers. The sooner we can get everyone to agree on the standards, the better.

InformationWeek: So obviously the TNC and the IETF get the benefit of you co-chairing and bridging both groups. What does Juniper get?

Hanna: Juniper has always been a big supporter of open NAC standards. We were founding members of the TNC effort. Our NAC solution is based on the TNC standards. We have an interest in making sure that NAC standards work and work well. That's my job, and that's what Juniper gets from my role as TNC and IETF co-chair.

InformationWeek: Do you see a time when the various working groups in the TCG will combine work so that, for example, there will be a way to have a trusted boot process that can be reported through the TNC client?

Hanna: We already have that! TCG specifications can be used together or separately, at the customer's option. So you can do a trusted boot with TPM and then report the results through TNC. There are products shipping now that do this, and we often demo it at trade shows like Interop. Other combinations of TCG specs are used also: TPM-based authentication with TNC, etc.


About the Author(s)

Mike Fratto

Former Network Computing Editor

Mike Fratto is a principal analyst at Current Analysis, covering the Enterprise Networking and Data Center Technology markets. Prior to that, Mike was with UBM Tech for 15 years, and served as editor of Network Computing. He was also lead analyst for InformationWeek Analytics and executive editor for Secure Enterprise. He has spoken at several conferences including Interop, MISTI, the Internet Security Conference, as well as to local groups. He served as the chair for Interop's datacenter and storage tracks. He also teaches a network security graduate course at Syracuse University. Prior to Network Computing, Mike was an independent consultant.
