A range of both hardware and software makers have announced work on a new security specification for PCs connecting to a network - something which they say will dramatically reduce the danger of viruses, denial of service attacks and software vulnerabilities.
Development of the Trusted Network Connect specification, due to be made available later this year, will take place under the auspices of the Trusted Computing Group (TCG), an industry consortium linked to Microsoft and Intel's efforts at building security and digital rights management into the deepest levels of the PC. Work by the TCG and Microsoft to allow content owners to control access to content and software on a user's PC has been criticised by civil rights groups and by the EU.
The connection specification aims at removing the danger posed by insecure PCs connecting to a corporate network, a danger which has grown with the spread of laptops and other mobile computing devices in the enterprise. The specification will work with the TCG's Trusted Platform Module, a chip already being built into some PCs that stores encryption keys, passwords and digital certificates, though the module will not be required.
Extreme Networks, Foundry Networks, Funk Software, InfoExpress, iPass, Juniper Networks, Meetinghouse Data Communications, Network Associates, Sygate, Symantec, Trend Micro and Zone Labs have joined the TCG as part of the Trusted Network Connect specification, and will work under a new sub-group devoted to the technology. The specification will standardise efforts already underway by some security vendors and will help integrate these measures with hardware. Network Associates' ThreatScan product, for example, already carries out some of the specification's functions.
The technology will first of all ensure that a system reaches a basic level of security before it's allowed to connect to the network - ensuring that all anti-virus signatures are up to date, particular applications are upgraded to a certain level, and particular patches are installed. Machines that aren't up to scratch will be held in quarantine and could even be automatically upgraded.
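The admission check described above, as an added Python example that is not taken from the TCG specification or any vendor product. The `Policy` and `Report` structures, the application name, the patch identifiers and the dates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

def parse_version(text):
    """'9.10.2' -> (9, 10, 2). Plain string comparison would rank 9.9 above 9.10."""
    return tuple(int(part) for part in text.split("."))

@dataclass
class Policy:                      # hypothetical policy shape
    max_signature_age_days: int
    min_app_versions: dict         # app name -> minimum version
    required_patches: set

@dataclass
class Report:                      # what the endpoint says about itself
    signature_date: date
    app_versions: dict
    patches: set

def evaluate(policy, report, today):
    """Return ('allow' or 'quarantine', remediation steps)."""
    fixes = []
    age = (today - report.signature_date).days
    if age > policy.max_signature_age_days:
        fixes.append(f"update anti-virus signatures ({age} days old)")
    for app, minimum in sorted(policy.min_app_versions.items()):
        installed = report.app_versions.get(app)
        if installed is None:
            continue               # assumption: only installed apps are checked
        try:
            outdated = parse_version(installed) < parse_version(minimum)
        except ValueError:
            outdated = True        # unreadable version string: fail closed
        if outdated:
            fixes.append(f"upgrade {app} from {installed} to {minimum}")
    for patch in sorted(policy.required_patches - report.patches):
        fixes.append(f"install patch {patch}")
    return ("quarantine" if fixes else "allow"), fixes

# Constructed sample data; patch names are placeholders.
TODAY = date(2004, 6, 1)
POLICY = Policy(7, {"vpn-client": "9.10"}, {"PATCH-A", "PATCH-B"})
LAPTOP = Report(date(2004, 5, 13), {"vpn-client": "9.9"}, {"PATCH-A"})
PATCHED = Report(date(2004, 5, 31), {"vpn-client": "9.10"}, {"PATCH-A", "PATCH-B"})

if __name__ == "__main__":
    for name, report in (("laptop", LAPTOP), ("patched", PATCHED)):
        print(name, *evaluate(POLICY, report, TODAY))
```

The decision is only as reliable as the self-reported `Report`, so the network has to decide how far it trusts the client software that produces it.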
"Networks are more and more porous, with PDAs, laptops, wireless networks and Bluetooth more and more in use in the enterprise," said a Network Associates spokesman. "We are collaborating on a trusted connection strategy that will be interoperable with our competitors' products."
An industry-standard way of ensuring client security could be valuable to companies that have traditionally relied on security at the perimeter of the network, say industry observers. "The problem with securing the network border is that now most people's networks include large numbers of laptops, which spend at least part of their life outside of the corporate network," said Nick Ray, chief executive of software security firm Prevx. "When they go out of the office, they don't benefit from that border security and they get infected, then bring the infection into the company. There's definitely some value in validating the security status of clients before they connect."
The TCG's initiative is part of a broader industry effort to incorporate security more deeply into upcoming generations of PCs, an effort which has controversially included giving software vendors and content owners more control over what end users do with content and software. Part of the criticism has focused on the efforts of Intel and other TCG members to promote Trusted Platform Modules, which have been criticised for eroding users' anonymity. The TCG said the connection specification will work without a hardware module, but that systems using the modules would benefit from higher levels of security.
Whatever benefits the TCG's efforts may bring, it would be a mistake to think of any single development as having a decisive impact on security, according to Mark Sunner, chief technology officer at secure messaging provider MessageLabs. "It would be an illusion to think that a hardware-based security approach will eradicate these threats," he said. "The perpetrators of these things are not going to stand still. They will always find some way around whatever barriers are put in place. It's an ongoing arms race."