End-point security: a matter of trust

Remote connectivity, cross-organisation collaboration and electronic transactions depend on trustworthy end-points. Are industry standards needed?

Trends such as home and mobile working, deperimeterisation, outsourcing and the expansion of B2C and B2B e-commerce have increased the number of devices used in electronic transactions. This is placing new demands on businesses to provide trusted access to their services.

End-point security is about raising the level of trust in computing devices to a point where all the devices involved in a transaction meet the criteria of trust for that transaction. The trust level must vary according to a range of factors, including risk, transactional value, location and time.

Currently, end-point security is generally limited to validating clients trying to connect into "your" environment, with the trust being one-way - the client is not always able to form an opinion about "you" even though you have established the means to gain an opinion about the client.

Such one-way trust leads to attacks such as phishing.

Being able to mutually establish the trust level of end-points allows more valuable transactions to take place electronically. The flexibility of having devices from multiple organisations or users that can have their trust level validated upon trying to transact with your applications - as opposed to validation when they try to connect to your network zone - enables more flexible and secure ways of working.

End-point security operates by managing end-points and network security boundaries or zones. Generally, traffic can enter and leave the zone only through a zone security device. There is therefore a single point of failure and the zone security device is susceptible to denial of service attacks. Depending on where control is placed, it may not allow internet routing to work efficiently.

Also, many end-points do not support 802.1x mobile standards, or need an agent installed to measure security posture and so need special management. Using agent-based software between different organisations is difficult because the agents may not interoperate. Different agents are likely to clash, and "on-demand" installation of agents is unlikely to work if the end-point is locked down.

Another concern is that access control mechanisms such as network access protection and network access control rely on a secure connection to the corporate network. But devices such as PCs, servers, phones and handheld computers may need to connect securely via a public or third-party network.

Where end-point registration is required in a deperimeterised environment, an organisation needs to be able to register end-points from many sources - its own, and customers' and suppliers' end-points. Conversely, end-points must be capable of being registered in several organisational zones simultaneously. Many of the identity management services being developed for users (registration, federation, single sign-on) are also required for end-points.

User agents must be able to access not just user credentials and tokens, but end-point credentials and posture checking agents. Similarly, access management services must make access decisions based on user and end-point attributes.

The current browser "sandbox" concept needs to be expanded from one-way trust to support two-way trusts, allowing a device to make a secure connection and interact, and with each party able to validate that the other is appropriately isolated.

For systems that interact using inherently secure protocols, both systems must be capable of validating the trust via a standard secure protocol, either directly or, more likely, through a trust broker.
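To make the two preceding points concrete (access decisions that combine end-point posture with transaction value, and two-way validation through a trust broker), here is an added illustration that is not from the article or the Jericho Forum. It assumes a broker that issues MAC-protected posture assertions with a validity window, a made-up scoring of posture attributes into trust levels 1 to 3, and a made-up policy table of minimum level by transaction value; both end-points verify the other's assertion before the transaction proceeds.

```python
import hashlib
import hmac
import json

# Constructed demo key: a real broker would sign with a private key, not a shared secret.
BROKER_KEY = b"constructed-demo-broker-key"
# Assumed policy: minimum trust level an end-point must reach, by transaction value band.
VALUE_BANDS = ((0, 1), (1_000, 2), (50_000, 3))

def required_level(value):
    """Trust level demanded for a transaction of the given value."""
    return max(level for floor, level in VALUE_BANDS if value >= floor)

def posture_level(posture):
    """Assumed scoring of an end-point's posture attributes into a trust level 1..3."""
    if not (posture.get("patched") and posture.get("disk_encrypted")):
        return 1
    if posture.get("sandboxed") and posture.get("hw_attested"):
        return 3
    return 2

def broker_assert(endpoint_id, posture, issued_at, ttl=300):
    """Trust broker issues a posture assertion with a validity window and a MAC."""
    body = {"endpoint": endpoint_id, "posture": posture, "iat": issued_at, "exp": issued_at + ttl}
    payload = json.dumps(body, sort_keys=True).encode()
    return {"payload": payload, "mac": hmac.new(BROKER_KEY, payload, hashlib.sha256).hexdigest()}

def verify_assertion(assertion, now):
    """Check the broker MAC and validity window; return the body, or None if untrusted."""
    mac = hmac.new(BROKER_KEY, assertion["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, assertion["mac"]):
        return None
    body = json.loads(assertion["payload"])
    return body if body["iat"] <= now < body["exp"] else None

def peer_decision(peer_assertion, value, now):
    """One side's decision about the other end-point for a transaction of this value."""
    body = verify_assertion(peer_assertion, now)
    if body is None:
        return "deny: assertion unverifiable or expired"
    need = required_level(value)
    have = posture_level(body["posture"])
    return "allow" if have >= need else "deny: level %d below required %d" % (have, need)

def mutual_decision(client_assertion, server_assertion, value, now):
    """Two-way trust: the client checks the server and the server checks the client."""
    by_client = peer_decision(server_assertion, value, now)
    by_server = peer_decision(client_assertion, value, now)
    return {"client_checks_server": by_client, "server_checks_client": by_server,
            "proceed": by_client == "allow" and by_server == "allow"}
```

Because the client verifies the server's assertion too, an impostor that cannot obtain a valid broker assertion is refused by the client, which is the phishing case the one-way model leaves open.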

Standards are required so that security agents placed on end-points can interoperate, and an end-point requires only a single agent. This allows agents to expand onto a wide variety of end-points such as phones, PDAs, network devices and all PCs, not just Wintel computers.

Standards are required for bi-directionally secure sandboxes. This is probably a good subject for academic study. Collaboration is required to develop a secure protocol so that a security agent on an end-point can be securely validated by remote end-points.

IT security user group the Jericho Forum believes that being able to trust a remote end-point is essential to allow remote connectivity and cross-organisation collaboration in a deperimeterised environment. This trust level is also a solid step to being able to trust a user who claims to have strongly authenticated on that end-point.

The industry needs to develop open standards for trust clients to allow the widest variety of clients to connect and authenticate, without needing a one-to-one match of software at both ends of the transaction. In a deperimeterised world, companies will have more systems not connecting to "their" network but transacting via inherently secure protocols. It is essential for any end-point security solution to support this model.

● John Arnold, computer security consultant at Capgemini, is a contributor to the Jericho Forum's endpoint strategy