How to incorporate TPM (Trusted Platform Module)

Unanswered Question
Jan 29th, 2009

Have any of you ever used TPM to secure a VPN connection into a corporate network? I'm interested in doing two factor authentication. Ideally, only laptops that I authorize will have access to the VPN tunnel. If the laptop were to be lost or stolen I'd like to have the ability to disallow its connection by revoking a cert for example. What are your thoughts on this and what steps have you taken to get this implemented? The firewall is an ASA5510. Thanks!

didyap Wed, 02/04/2009 - 11:53

There is a difference between trusting a user (after passing strong user authentication) and trusting that user's computer. While the former has traditionally been emphasized, only recently has the latter been given sufficient attention (see Trusted Platform Module - TPM). As discussed earlier, a Trojan-laden computer defeats strong user authentication. But a “company computer”, which is typically supported and managed according to corporate security policies, typically deserves more trust than a “non-company computer”. A secure SSL VPN infrastructure should allow you to verify a remote host's identity by checking on predefined end device parameters. Examples include registry entries, special files in a specified location, or digital certificates (as a form of device authentication). The host identity information can be used to make your access permission decisions.
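As an added illustration of the "trust the user AND trust the host" decision described above (example code written for this page, not from the thread, the ASA, or any Cisco product): a small policy evaluator over a constructed endpoint posture report. The gateway grants access only when user authentication succeeded, the device certificate chains to the corporate CA and is neither expired nor on the revocation set (how a lost laptop is cut off), and the expected managed-host markers (a file and a registry value) are present. All field names, paths, serials and CA name are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Constructed policy values (hypothetical): serials revoked for lost laptops,
# the corporate CA we trust, and the host markers expected on a managed PC.
REVOKED_SERIALS = {"1A2B3C"}
TRUSTED_ISSUER = "CN=Corp Device CA"
REQUIRED_FILES = {r"C:\corp\managed.marker"}
REQUIRED_REGISTRY = {r"HKLM\SOFTWARE\Corp\Managed": "1"}
NOW = datetime(2009, 2, 4, tzinfo=timezone.utc)  # evaluation time for samples

@dataclass
class PostureReport:
    """What the VPN client reports about the endpoint (hypothetical fields)."""
    user_authenticated: bool
    cert_serial: Optional[str]
    cert_issuer: Optional[str]
    cert_not_after: Optional[datetime]
    files_present: set = field(default_factory=set)
    registry: dict = field(default_factory=dict)

def evaluate_access(r: PostureReport, now: datetime) -> tuple:
    """Return (allow, reasons): access needs a trusted user AND a trusted host."""
    reasons = []
    if not r.user_authenticated:
        reasons.append("user authentication failed")
    if not (r.cert_serial and r.cert_issuer and r.cert_not_after):
        reasons.append("no device certificate presented")
    else:
        if r.cert_issuer != TRUSTED_ISSUER:
            reasons.append("device certificate not issued by corporate CA")
        if r.cert_serial.upper() in REVOKED_SERIALS:
            reasons.append("device certificate revoked")
        if r.cert_not_after <= now:
            reasons.append("device certificate expired")
    for path in sorted(REQUIRED_FILES - set(r.files_present)):
        reasons.append(f"missing managed-host file {path}")
    for key, want in REQUIRED_REGISTRY.items():
        if r.registry.get(key) != want:
            reasons.append(f"registry value {key} is not {want!r}")
    return (not reasons, reasons)

# Constructed samples: a managed laptop, the same laptop after revocation,
# and an unmanaged machine whose user nevertheless logged in correctly.
_VALID_UNTIL = datetime(2010, 1, 1, tzinfo=timezone.utc)
MANAGED = PostureReport(True, "00ff01", TRUSTED_ISSUER, _VALID_UNTIL,
                        set(REQUIRED_FILES), dict(REQUIRED_REGISTRY))
STOLEN = PostureReport(True, "1a2b3c", TRUSTED_ISSUER, _VALID_UNTIL,
                       set(REQUIRED_FILES), dict(REQUIRED_REGISTRY))
UNMANAGED = PostureReport(True, None, None, None)
```

In a real deployment the revocation set would come from the CA's CRL or an OCSP responder rather than a constant, and the posture fields would be collected by the VPN client rather than supplied by the caller.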
