Remote connectivity, cross-organisation collaboration
and electronic transactions depend on trustworthy end-points. Are
industry standards needed?
Trends such as home and mobile working, deperimeterisation,
outsourcing and the expansion of B2C and B2B e-commerce have
increased the number of devices used in electronic transactions.
This is placing new demands on businesses to provide trusted access
to their services.
End-point security is about raising the level of trust in
computing devices to a point where all the devices involved in a
transaction meet the criteria of trust for that transaction. The
trust level must vary according to a range of factors, including
risk, transactional value, location and time.
Currently, end-point security is generally limited to validating
clients trying to connect into "your" environment, with the trust
being one-way - the client is not always able to form an opinion
about "you" even though you have established the means to gain an
opinion about the client.
Such one-way trust leads to attacks such as phishing.
Being able to mutually establish the trust level of end-points
allows more valuable transactions to take place electronically. The
flexibility of having devices from multiple organisations or users
that can have their trust level validated upon trying to transact
with your applications - as opposed to validation when they try to
connect to your network zone - enables more flexible and secure
ways of working.
End-point security operates by managing end-points and network
security boundaries or zones. Generally, traffic can enter and
leave the zone only through a zone security device. There is
therefore a single point of failure and the zone security device is
susceptible to denial of service attacks. Depending on where the
control point is placed, it may also prevent internet routing from
working efficiently.
Also, many end-points do not support 802.1x mobile standards, or
need an agent installed to measure security posture and so need
special management. Using agent-based software between different
organisations is difficult because the agents may not interoperate.
Different agents are likely to clash, and "on-demand" installation
of agents is unlikely to work if the end-point is locked down.
Another concern is that access control mechanisms such as
network access protection and network access control rely on a
secure connection to the corporate network. But devices such as
PCs, servers, phones and handheld computers may need to connect
securely via a public or third-party network.
Where end-point registration is required in a deperimeterised
environment, an organisation needs to be able to register
end-points from many sources - its own, and customers' and
suppliers' end-points. Conversely, end-points must be capable of
being registered in several organisational zones simultaneously.
Many of the identity management services being developed for users
(registration, federation, single sign-on) are also required for
end-points.
User agents must be able to access not just user credentials and
tokens, but end-point credentials and posture checking agents.
Similarly, access management services must make access decisions
based on user and end-point attributes.
The current browser "sandbox" concept needs to be expanded from
one-way trust to support two-way trusts, allowing a device to make
a secure connection and interact, and with each party able to
validate that the other is appropriately isolated.
For systems that interact using inherently secure protocols,
both systems must be capable of validating the trust via a standard
secure protocol, either directly or, more likely, through a trust
broker.
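The two-way validation described in the last two paragraphs, as an added example that is not from the article or the Jericho Forum: each end-point obtains a posture assertion from a trust broker that both parties recognise, the assertions are exchanged, and each side verifies the other's assertion and applies its own policy before transacting. The broker is modelled here as an HMAC-keyed issuer for self-containment; a real broker would use signed attestations and a registration step. Endpoint identifiers, the key and the posture attributes are constructed for illustration.

```python
"""Added example (not from the article): mutual end-point validation via a
trust broker. Each side presents a broker-issued posture assertion; the peer
verifies it with the broker (MAC and expiry) and checks it against its own
policy. Identifiers, key and posture values are constructed for illustration."""
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple


class TrustBroker:
    """Issues and verifies posture assertions for end-points registered with it."""

    def __init__(self, key: bytes):
        self._key = key

    def _mac(self, payload: bytes) -> str:
        return hmac.new(self._key, payload, hashlib.sha256).hexdigest()

    def attest(self, endpoint_id: str, posture: dict, ttl: int = 300, now=None) -> str:
        """Bind an end-point's measured posture to a short-lived assertion."""
        now = time.time() if now is None else now
        body = {"id": endpoint_id, "posture": posture, "iat": now, "exp": now + ttl}
        payload = json.dumps(body, sort_keys=True).encode()
        return payload.hex() + "." + self._mac(payload)

    def verify(self, token: str, now=None) -> Optional[dict]:
        """Return the assertion body if the MAC is valid and it is unexpired."""
        try:
            payload_hex, mac = token.split(".", 1)
            payload = bytes.fromhex(payload_hex)
        except ValueError:
            return None            # malformed token
        if not hmac.compare_digest(self._mac(payload), mac):
            return None            # tampered, or issued by a different broker
        body = json.loads(payload)
        now = time.time() if now is None else now
        if now >= body["exp"]:
            return None            # stale posture: must re-attest
        return body


# Constructed policy: a peer must run in an isolated sandbox and be patched.
REQUIRED_POSTURE = {"isolated": True, "patched": True}


def meets_policy(posture: dict) -> bool:
    return all(posture.get(k) == v for k, v in REQUIRED_POSTURE.items())


def mutual_validate(broker: TrustBroker, token_a: str, token_b: str,
                    now=None) -> Tuple[bool, bool]:
    """Return (A accepts B, B accepts A). Each side verifies the other's
    assertion through the broker and then applies its own policy."""
    a = broker.verify(token_a, now)
    b = broker.verify(token_b, now)
    a_accepts_b = b is not None and meets_policy(b["posture"])
    b_accepts_a = a is not None and meets_policy(a["posture"])
    return a_accepts_b, b_accepts_a


if __name__ == "__main__":
    broker = TrustBroker(b"constructed-demo-key")
    tok_a = broker.attest("laptop-A", {"isolated": True, "patched": True}, now=1000)
    tok_b = broker.attest("phone-B", {"isolated": True, "patched": False}, now=1000)
    print(mutual_validate(broker, tok_a, tok_b, now=1100))   # B fails A's policy
```

Note that neither end-point evaluates the other's posture claim directly: both rely on the broker's verification, which is what lets devices from different organisations, with different agents, still reach a decision about each other. The expiry check matters because a posture assertion describes the device at attestation time, not indefinitely.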
Standards are required so that security agents placed on
end-points can interoperate, and an end-point requires only a
single agent. This allows agents to expand onto a wide variety of
end-points such as phones, PDAs, network devices and all PCs, not
just Wintel computers.
Standards are required for bi-directionally secure sandboxes.
This is probably a good subject for academic study. Collaboration
is required to develop a secure protocol so that a security agent
on an end-point can be securely validated by remote end-points.
IT security user group the Jericho Forum believes that being
able to trust a remote end-point is essential to allow remote
connectivity and cross-organisation collaboration in a
deperimeterised environment. This trust level is also a solid step
to being able to trust a user who claims to have strongly
authenticated on that end-point.
The industry needs to develop open standards for trust clients
to allow the widest variety of clients to connect and authenticate,
without needing a one-to-one match of software at both ends of the
transaction. In a deperimeterised world, companies will have more
systems not connecting to "their" network but transacting via
inherently secure protocols. It is essential for any end-point
security solution to support this model.
● John Arnold, computer security consultant at Capgemini, is a
contributor to the Jericho Forum's endpoint strategy