Secure End Node (network)
A Secure End Node is a trusted (see Trusted Computing), individual computer that temporarily becomes part of a trusted, sensitive, well-managed network. The remote, private, and secure network might be an organization's in-house network or a cloud service. A Secure End Node solves or mitigates the End Node Problem. This typically involves strong authentication of the computer's hardware and software plus strong user authentication. In the future, the device-user's environment (location, activity, other people, etc.), observed by means of its trusted sensors (camera, microphone, GPS, radio, etc.), could provide authentication (or cause for denial). The level of trust required and the probable threat dictate how far down into the computer, user, and environment trust must reach.

The common, but expensive, technique is for the network owner to issue known, trusted, unchangeable hardware to users. For example, and assuming a priori access, a laptop's TPM chip can authenticate the hardware (likewise, a user's smartcard authenticates the user). A different example is the United States Department of Defense Software Protection Initiative's Cross Fabric Internet Browsing System, which provides browser-only, immutable, anti-tamper thin clients for users' Internet browsing. Another example is a non-persistent, remote client that boots over the network.
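As an added illustration (not from the article or from any project it names), the admission decision a network gateway could make under this approach: replay the device's measured-boot log with the TPM PCR-extend rule, compare the result both against the value the TPM quoted and against a golden value for the approved software stack, and admit only when the hardware identity and the user's smartcard factor also check out. Device ids, component names and the golden value are constructed sample data; verifying the quote's signature and parsing the real TPM event-log format are assumed to happen before this step.

```python
import hashlib
import hmac
from dataclasses import dataclass

PCR_RESET = bytes(32)  # a SHA-256 PCR bank reads all zeros after a TPM reset

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: PCR_new = SHA-256(PCR_old || digest). Order matters, so a
    log replays to the same value only if every measurement is identical."""
    return hashlib.sha256(pcr + digest).digest()

def replay_log(components: list[bytes]) -> bytes:
    """Replay a simplified measured-boot log: hash each component, then extend."""
    pcr = PCR_RESET
    for blob in components:
        pcr = pcr_extend(pcr, hashlib.sha256(blob).digest())
    return pcr

@dataclass
class AdmissionRequest:
    device_id: str          # identity of the TPM attestation key (hypothetical field)
    quoted_pcr: bytes       # PCR value from the TPM quote; signature assumed already verified
    event_log: list[bytes]  # components measured at boot (constructed sample data)
    user_factor_ok: bool    # result of the smartcard/PIN check done elsewhere

# Constructed inventory of hardware the network owner issued.
KNOWN_DEVICES = {"laptop-0001", "laptop-0002"}
# Golden value for the approved, immutable software stack (constructed components).
GOLDEN_PCR = replay_log([b"bootloader-v1", b"kernel-v1", b"initrd-v1"])

def admit(req: AdmissionRequest) -> tuple[bool, str]:
    """Admit only when hardware, software and user all check out; the first
    failing layer is reported so the operator can see how far trust reached."""
    if req.device_id not in KNOWN_DEVICES:
        return False, "unknown hardware"
    # An event log that does not replay to the quoted PCR was edited after boot.
    if not hmac.compare_digest(replay_log(req.event_log), req.quoted_pcr):
        return False, "event log inconsistent with quote"
    # A consistent log can still describe software the network does not approve.
    if not hmac.compare_digest(req.quoted_pcr, GOLDEN_PCR):
        return False, "unapproved software stack"
    if not req.user_factor_ok:
        return False, "user not authenticated"
    return True, "admitted"
```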

A less secure but very low-cost approach is to trust any hardware (corporate, government, personal, or public) but restrict user and network access to a known kernel and higher software. An implementation of this is a Linux Live CD that creates a stateless, non-persistent client, for example Lightweight Portable Security. A similar system could boot a computer from a flash drive or be an immutable operating system within a smartphone or tablet.

See also

  • Host (network)
  • Node (networking)
  • End Node Problem
  • Trusted Computing
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.