Trusted Computing Group Releases Network Equipment Security Guidance
February 13 2018 - 1:00PM
Business Wire
TCG Members Infineon Technologies and
Juniper Networks Demonstrate How to Secure Network Equipment
with TPM at Mobile World Congress
Trusted Computing Group (TCG) today announced new guidance and
an architect's guide for securing network equipment. At Mobile World
Congress Feb. 26-March 1, TCG members Infineon Technologies and
Juniper Networks will demonstrate these recommendations in Stand
6C4, Hall 6.
Recent attacks such as CherryBlossom and Mirai have exposed some
networks and data, resulting in significant data loss and impact to
business. TCG’s new guidance and architect's guide, developed with
input from network equipment makers and their suppliers, offer
designers and developers of network equipment, including routers,
switches and firewalls, specific recommendations and best practices
to secure against compromise. Strong hardware security enabled by
the Trusted Platform Module (TPM) ensures that equipment is
tamper-resistant and protected against a variety of attacks.
The Mobile World Congress demo will showcase the Juniper
Networks® SRX320 Services Gateway protected with the Infineon
OPTIGA™ TPM. The TPM prevents physical and logical tampering with the
router and securely stores an encrypted hash. If the router
configuration is updated without authorization, the router will not
boot, thereby preventing a potential attack. This is just one of
the 12 use cases described in the guidance document. The companies
also will discuss implementation of the guidance and TPM in a
webcast on Feb. 21, 2018.
TCG recognizes that network equipment is shipped as a closed
embedded system with security provided by the unit as a whole;
equipment must boot and operate without manual intervention; and
the equipment itself typically should not have the ability to hide
or mask its own identity. As with many embedded and industrial
systems, network equipment typically has a long life cycle.
Recommendations offered by TCG and members include:
- Devices should use a TPM as a hardware-based root of trust
- Devices should provide a cryptographic device identity based on IEEE 802.1AR and use the TPM to protect keys. Cryptographic identity can provide a reliable way to identify remote devices for applications involving device management, configuration and authentication
- The TPM can be used to protect confidential data, such as VPN keys in network equipment
- TPM-based attestation can offer assurance of the integrity of software running on network equipment
- Use of the TPM’s random number generator can enhance the strength of cryptographic protocols by providing additional entropy
Implementing these recommendations can raise the bar for network
equipment security and substantially increase the difficulty for
attackers who want to undermine this security.
About TCG
TCG (@TrustedComputin) is a not-for-profit organization that
develops, defines and promotes open, vendor-neutral, global
industry standards, supportive of a hardware-based root of trust,
for interoperable trusted computing platforms. More information
about TCG is available at www.trustedcomputinggroup.org.
Follow TCG on Twitter and on LinkedIn.
Brands and trademarks are the property of their respective
owners.
View source version on businesswire.com: http://www.businesswire.com/news/home/20180213005463/en/
PR Works, Inc.
Anne Price, +1-602-330-6495
anne@prworksonline.com
Twitter: @TrustedComputin