Network Equipment

Network Equipment

The world is interconnected by computer networks, which have become critical to the operation of a broad range of devices and services. Preserving the integrity and security of network equipment such as routers, switches and firewalls is essential to maintaining reliability and integrity of network services. Network infrastructure must implement strong protection mechanisms to defend against sophisticated attacks against infrastructure and connected devices.

Network equipment has some properties that are unique to network equipment, which include:

  • Always On: Network equipment is “always on” and thus subject to advanced persistent threats (APTs).
  • Long Life Cycle: Network Equipment often has a long life cycle, must stay operational in the network for years with little downtime and therefore uses modularity and redundancy to maintain availability.
  • Unattended Operation: Network equipment typically must boot and operate without manual intervention for a long time.
  • Device Identity: Network equipment requires a strong device identity to expose itself unambiguously to the management system.
  • Privacy Protection: Network equipment has an important role in protecting the privacy of users.

Network Equipment Work Group is focused on requirements and use cases, and is providing security best practices, recommendations and specifications to enhance security and privacy for application of Trusted Computing technology in network infrastructure. The work group also provides analysis, use cases and advice to other work groups where network equipment knowledge is needed to achieve viable security and privacy protection.

Related Documents

Resource Name
Establishing Network Equipment Security
TCG Guidance for Securing Network Equipment
Architect’s Guide for Securing Network Equipment

Michael Eckel

Cyber Security Researcher, Fraunhofer SIT; Work Group Co-Chair

Michael Eckel is a cyber security researcher for Fraunhofer SIT. Previously, he was a security technologist at Huawei Technologies, mobile software developer at Boostix, and a web and software developer for a number of other companies. He holds a Masters Degree in Computer Science.

Eckel currently participates in the Trusted Computing Group’s Network Equipment subgroup, working to secure vulnerable network equipment.

Tom Laffey

Senior Platform Security Architect, Hewlett Packard Enterprise; Work Group Co-Chair

Tom Laffey is Senior Platform Security Architect at Aruba Networks, a Hewlett Packard Enterprise company. He also co-chairs the Network Equipment subgroup at Trusted Computing Group. At HPE, he works to advance cyber-security and cyber resiliency of HPE Aruba platforms and devices. Prior to this work, Laffey was with Hewlett-Packard ProCurve Networking, leading development of security features, including PKI, authentication, use of TPMs, SSL/TLS, IPsec, MACsec, file signing and system integrity, as well as FIPS compliance, for managed switch products. He has also led architecture and chip design projects for Northrop Grumman, Sierra Logic and VeriFone. Laffey holds a B.S. degree in computer engineering from California State University – Sacramento.