Securing the security

Trusted Computing Group offers standards for network devices
Monday, June 1, 2009

SANTA ANA, Calif.--When Hirsch Electronics joined the Trusted Computing Group back in September, some industry members may have been scratching their heads. What’s an access control company doing joining a group with the likes of IBM, HP, Microsoft, Juniper, Intel and RSA?

In order to realize cost savings with a networked security system, reasoned Bob Beliles, Hirsch’s vice president of enterprise business development, you need to work with a shared IP infrastructure. But, “there’s so much more to supporting a mission-critical operation like security over a shared infrastructure than just bolting on an Ethernet NIC to the back of a security device and running with it, like: ‘Look, Mom, I can run video over a network! Isn’t that cool!’”

Security devices need to be good network citizens as well, which means building in security measures that keep malicious users from employing those devices to bring down or spy on a network.

“And that’s what Trusted Computing Group is all about,” Beliles said. “It’s making sure there’s a standard way for making sure the device can handle information as it passes it along or maintains it at rest.”

The standards body at TCG is called Trusted Network Connect, said Steve Hanna, who co-chairs the body. “Every part of the architecture is open to everybody on the Internet to get a copy,” he said, “and to implement it. The goal is to provide strong network security throughout the network and all of the operation, with products from different vendors being used together.”

Other physical security companies involved with the TCG include HID, Lockheed Martin, and Gemalto.

Integrators should be asking their vendors, Hanna said, whether they conform to network security standards, as the consequences of a network security breach through an IP camera, for example, could be high. “Physical security devices are computing devices as well,” Hanna noted. “With a device like a camera that includes a sensor, we’ve seen a case where a virus will turn on the camera, in the middle of the night, and it can be used to monitor activities.” He also said cameras can host denial-of-service attacks, where the camera simply starts flooding the network with so much bad information that the entire network shuts down.

Next up for the TCG is the IF-MAP standard, which will allow devices on the network to be much more aware of each other, so, for example, “you can put in a policy that says authorized users allowed on the network must have already badged into the particular building.” If manufacturers implement this standard (some devices will be shipping with it soon), it will be much easier to correlate physical location with network location, which may offer many benefits for physical security integrators looking to offer customers more information about who’s doing what in their facilities.