Hirsch, Juniper and Infoblox Team for Network and Physical Security Tie-in

Hirsch Electronics, a supplier of physical security management solutions, has teamed with IT industry companies Juniper Networks and Infoblox to tie physical and network security together.

As a result, the company said, customers can improve security and enhance compliance efforts by establishing physical presence as a policy for gaining access to various network resources.

The solution was implemented by the three companies using the open Trusted Network Connect architecture and IF-MAP open-standard protocol for metadata exchange endorsed by more than 100 companies that comprise the Trusted Computing Group (TCG). For Hirsch's part in this solution, Hirsch Velocity Security Management System sent IF-MAP based physical event messages (metadata) to the Infoblox appliance, which in turn notified the Juniper network appliance that enforced Network Access Control (NAC) policies.

NAC, widely embraced by the IT and networking industry, enforces a variety of network security policy checks. For instance, a NAC enabled network can prevent a computer from accessing other resources until the computer is confirmed to have an adequate level of anti-virus protection. NAC enabled routers, switches, and firewalls can grant or deny a given user wired or WI-FI network access to the Internet or access to other network resources such as datacenter servers, IP phones, and more. This new capability takes NAC one step further by allowing a person's physical presence to be used as a pre- and post-network admission policy.

A demonstration of this new linkage between physical and network security was showcased in the Trusted Computing Group's Interop Las Vegas booth in May.

"This is an excellent proof-point for how extensible the Trusted Network Connect architecture and TCG's specifications are," said Stephen Hanna, co-chair of TCG's Trusted Network Connect Work Group and Juniper Networks distinguished engineer. "Through TCG's IF-MAP protocol, physical security events can now trigger network security enforcement policies and vice-versa. Hirsch's support and innovative collaboration with other TCG members Juniper and Infoblox has demonstrated that TNC can be deployed to make security pervasive in any organization."

Stuart Bailey, chief technology officer for Infoblox and IF-MAP specification co-editor, said, "The demo was very compelling; many of the Interop attendees who viewed it expressed interest in deploying this type of multi-dimensional security that can link network access policy to physical presence and vice-versa. This gives us further confidence that MAP solves real-world problems and opens up exciting applications. We're excited to be working with TCG and with leaders like Hirsch and Juniper to bring about a new era of open, interoperable systems."

"With this multi-vendor effort, we are on the cusp of delivering a comprehensive security solution with policy enforcement from building entrance to the computer and phone to the 'cloud,'" said Bob Beliles, vice president of enterprise business development for Hirsch Electronics. "At a minimum, by requiring employees to badge-in prior to gaining network access, organizations should see a significant reduction in 'tailgating.'"

Tailgating is the situation where one employee or an unauthorized person bypasses the access control system and audit logs by following an authorized employee through a door without each person presenting his card or code to the entry reader.

Beliles said, "Moreover, the same Hirsch credential, with its secure digital identity, could not only be used to enter a building, it could also be used to log-on to a PC and used again for authenticating network access requests. As a result, organizations should be able to more easily account for who is inside their buildings and better comply with various government and industry regulations."

((Comments on this story may be sent to newsdesk@closeupmedia.com))

Related terms: architecture, computer, electronics, government, networking, policy, president, regulations, security, wisconsin