[IDS] My action item from Seattle

Randy Turner rturner at amalfisystems.com
Sun Aug 23 04:49:54 UTC 2009


Hi All,

I took an action item to forward information I received from Steve
Hanna regarding the requirement for TPMs in hardcopy devices, and
whether or not we should be concerned about going forward with
"software-based" assessment checks only.

The text below is from Steve regarding this issue...

Randy

-----------------------------------------------------------------------------------------------------

You asked me whether TPM-based health checks are needed
for hard copy devices today. Let me answer, based on the
customer requirements for NAC that I have heard over the
last few years. Note that this is my PERSONAL viewpoint.
I am not speaking on behalf of Juniper or TCG.

From a market perspective, Gartner has estimated that NAC
was a $221m market in 2008 and will grow about 25% in 2009.
None of that uses TPM-based health checks, as far as I know.
Nobody is using TPM-based health checks on production networks
today. Some people have done demos but nobody has TPM-based
NAC in production.

Why do people deploy software-based NAC (without TPM)? Because
they want to have more control over and insight into what's on
their networks than they have today with no NAC. Without TPM,
they have less than complete certainty about the health of
endpoints but security is never absolute. Software-based
health checks are better than no health checks at all.

Of course, I hope that we'll eventually get to a world
where TPM-based health checks are widely used. I expect
that will eventually happen as the arms race between
attackers and defenders escalates. But we're not there
yet. Software-based health checks are good enough for
most customers today.

If hard copy device manufacturers ask their customers whether
they need TPM-based health checks, I expect that they will
hear "Eventually but not yet. Software-based health checks
are good enough for now." If they hear something else,
I'd like to know. It would be an encouraging sign if some
customers are demanding TPM-based health checks for printers!

----------------------------------------------------------------------------------------------------

