In the last year or so, TCG members active in developing and supporting network equipment, such as switches, routers and firewalls, have been actively working to develop specific guidance and how-to for protecting these devices against attacks.
Why worry about network equipment, when endpoints and “things” seem the most vulnerable? In reality, a number of recent attacks, such as CherryBlossom and Mirai, have exposed networks and data, resulting in significant data loss and impact to business.
Members of TCG’s network equipment group have now published new guidance and an architect’s guide that offer specific recommendations and best practices for securing network equipment against compromise. The guidance explains how strong hardware security enabled by the Trusted Platform Module (TPM) ensures that equipment is tamper-resistant and protected against a variety of attacks.
How will manufacturers use this guidance? At the upcoming Mobile World Congress, a demo will showcase TCG member Juniper Networks® SRX320 Services Gateway protected with the Infineon OPTIGA™ TPM.
The TPM prevents physical and logical tampering with the router and securely stores an encrypted hash. If the router configuration is updated without authorization, the router will not boot, thereby preventing a potential attack.
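To illustrate the boot gate described above, here is an added Python sketch (not Juniper’s or Infineon’s code) of the measured-boot logic the paragraph summarises: the configuration is hashed, the hash is extended into a PCR-style register, and boot continues only if the resulting value matches the one recorded when the configuration was authorized. The sample configuration text, the all-zero PCR reset value and the use of a SHA-256 bank are assumptions made for the example.

```python
import hashlib
import hmac

# Constructed sample: the router configuration as it looked when the
# expected measurement was recorded (example data, not a real device config).
AUTHORIZED_CONFIG = (
    b"system { host-name edge-1; }\n"
    b"security { policies { default-policy { deny-all; } } }\n"
)

PCR_RESET = bytes(32)  # assumption: SHA-256 bank, PCR starts at all zeros


def measure(data: bytes) -> bytes:
    """Hash the object being measured (SHA-256)."""
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new = H(old || digest). A PCR can only be extended,
    never written directly, so an attacker cannot set it to a chosen value."""
    return hashlib.sha256(pcr + digest).digest()


def boot_measurement(config: bytes) -> bytes:
    """Measure the configuration into a PCR starting from the reset value."""
    return pcr_extend(PCR_RESET, measure(config))


def authorize_update(new_config: bytes) -> bytes:
    """Authorized path: record the expected PCR value for a sanctioned config.
    In a real deployment this is done by the vendor's tooling, not by the router."""
    return boot_measurement(new_config)


def boot_allowed(config: bytes, expected_pcr: bytes) -> bool:
    """Boot gate: continue only if the measured PCR equals the authorized value.
    Constant-time compare avoids leaking how many bytes matched."""
    return hmac.compare_digest(boot_measurement(config), expected_pcr)


EXPECTED_PCR = authorize_update(AUTHORIZED_CONFIG)

if __name__ == "__main__":
    tampered = AUTHORIZED_CONFIG.replace(b"deny-all", b"permit-all")
    print("authorized config boots:", boot_allowed(AUTHORIZED_CONFIG, EXPECTED_PCR))
    print("tampered config boots:  ", boot_allowed(tampered, EXPECTED_PCR))
```

The tampered configuration differs by a single policy keyword, yet its measurement no longer matches the recorded value, so the gate refuses to boot until the change goes through the authorized update path.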
The companies also will discuss implementation of the guidance and TPM in a webcast on Feb. 21, 2018.
Of course, there have been some challenges in determining how to secure network equipment. TCG’s work recognizes that network equipment is shipped as a closed embedded system with security provided by the unit as a whole; that equipment must boot and operate without manual intervention; and that the equipment itself typically should not be able to hide or mask its own identity. As with many embedded and industrial systems, network equipment typically has a long life cycle. The guidance document offers 12 use cases, of which the MWC demo is just one.
Recommendations offered by TCG and members include:
Learn more about how to increase network equipment security and design in foundational security: https://trustedcomputinggroup.org/work-groups/network-equipment/.
Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.