TCG has been working on an important new area for security: network equipment. While much has been made of protecting data on the network, the actual equipment has been somewhat shortchanged on security. This is critical, since it is possible – and perhaps event likely – that unauthorized devices can get access. Or unauthorized code can interfere with network operations. Finally, firmware can be implanted or revised, making network attacks difficult to detect and remove.
Using its extensive collective knowledge of hardware security and networking, TCG is formally addressing network equipment security and will develop standards and guidance. A new publication, the TCG Guidance for Securing Network Equipment Preview Synopsis (http://www.trustedcomputinggroup.org/wp-content/uploads/NetEq-Synopsis_1_0r3.pdf), has been published to summarize that effort.
TCG’s work looks at using the established and widely vetted international standard TPM for customer premise equipment and gateways. The TPM can provide secure boot, secure storage of VPN keys and other secrets and a cryptographic-quality random number generator. The TPM also increases resistance to physical attacks, while supporting confirmation of device identity.
Learn more about this effort here (http://www.trustedcomputinggroup.org/establishing-network-equipment-security/). Those interested in joining the effort can learn more about the group here, http://www.trustedcomputinggroup.org/membership/.
Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.