- 10 IT security companies to watch
- Mobile phone chargers are energy vampires
- Smartphone smackdown: Storm vs. iPhone
- Video game collisions I'd like to see
- Court slams door on sale of spyware
Senior Editor Tim Greene clarifies issues surrounding the evolving NAC security architecture.
At the Black Hat conference this week, a researcher pointed out vulnerabilities that can be present in devices that rely on Active X to download clients.
The presentation by Michael Zusman, a senior consultant for the Inrtrepidis Group, was focused on the impact this has on some SSL VPN products, but the lesson is just as valid for NAC clients that are downloaded to client machines via Active X.
Zusman, whose background includes a stint at SSL VPN vendor Whale Communications (now part of Microsoft) described several hacks against SSL VPN agents that are downloaded at the start of sessions. When he told vendors about them, they took steps to block his exploits.
One of the vulnerabilities he perceived was that part of some SSL products include an endpoint scan similar to what is done in NAC using dissolvable clients based on Active X. In fact, NAC’s endpoint-checking element is seen by some as an outgrowth of this capability in SSL VPNs. (Compare NAC products)
He asserts that in SSL VPNs the process can be exploited and an attacker could alter the data from the scan so a non-compliant device could gain access. Similarly, a device could gain more access than its actual state should allow.
Basically, he’s pointing out one way the information an endpoint serves up about itself can be unreliable and that if it is, that can expose the network to greater risk.
This problem with devices reporting on their own state - known as the lying endpoint - is acknowledged within NAC circles. One way around it is use of hardware chips in endpoints that verify the integrity of the machine in a secure state as outlined by Trusted Computing Group. Zusman’s talk gives another reason to take a look at this.
Tim Greene is senior editor at Network World.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment