Cisco Support Community

How to incorporate TPM (Trusted Platform Module)

Have any of you ever used TPM to secure a VPN connection into a corporate network? I'm interested in doing two factor authentication. Ideally, only laptops that I authorize will have access to the VPN tunnel. If the laptop were to be lost or stolen I'd like to have the ability to disallow its connection by revoking a cert for example. What are your thoughts on this and what steps have you taken to get this implemented? The firewall is an ASA5510. Thanks!


Re: How to incorporate TPM (Trusted Platform Module)

There is a difference between trusting a user (after passing strong user authentication) and trusting that user's computer. While the former has traditionally been emphasized, only recently has the latter been given sufficient attention (see Trusted Platform Module - TPM). As discussed earlier, a Trojan-laden computer defeats strong user authentication. But a “company computer”, which is typically supported and managed according to corporate security policies, typically deserves more trust than a “non-company computer”. A secure SSL VPN infrastructure should allow you to verify a remote host's identity by checking on predefined end device parameters. Examples include registry entries, special files in a specified location, or digital certificates (as a form of device authentication). The host identity information can be used to make your access permission decisions.
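The approach described in this reply (certificate-based device authentication plus checks on the endpoint itself) maps directly onto ASA features. The configuration below is an added example, not the replier's or Cisco's own text; it assumes an ASA running 8.4 or later with AnyConnect, a corporate device CA that publishes a CRL at the hypothetical URL http://pki.example.com/crl/corp.crl, and pre-existing objects named VPN-POOL, LDAP-SRV and CORP-POLICY. The trustpoint name CORP-CA, the certificate map CORP-LAPTOPS and the tunnel group CORP-VPN are placeholders.

```cisco
! --- Device CA trustpoint with revocation checking -------------------------
! The weak setting is "revocation-check none": a stolen laptop's certificate
! keeps working forever. Checking the CRL makes revocation on the CA the
! kill switch the original poster asked for.
crypto ca trustpoint CORP-CA
 enrollment terminal
 revocation-check crl
 crl configure
  policy static
  url 1 http://pki.example.com/crl/corp.crl
  cache-time 15
!
! Paste the CA certificate when prompted (out of band, after this block):
!   crypto ca authenticate CORP-CA
!
! --- Only accept certs issued by the device CA to managed laptops ----------
! Rule 10 matches on issuer and subject OU; anything else never reaches
! the CORP-VPN tunnel group, even with valid user credentials.
crypto ca certificate map CORP-LAPTOPS 10
 issuer-name attr cn eq CorpDeviceCA
 subject-name attr ou eq ManagedLaptops
!
! --- SSL VPN: device certificate AND user AAA (two factors) ----------------
webvpn
 enable outside
 anyconnect enable
 certificate-group-map CORP-LAPTOPS 10 CORP-VPN
!
tunnel-group CORP-VPN type remote-access
tunnel-group CORP-VPN general-attributes
 address-pool VPN-POOL
 authentication-server-group LDAP-SRV
 default-group-policy CORP-POLICY
tunnel-group CORP-VPN webvpn-attributes
 ! "aaa certificate" requires both; "aaa" alone would let any host in
 authentication aaa certificate
 group-alias CORP-VPN enable
```

Revoking a lost laptop's certificate on the CA and republishing the CRL is then enough to lock it out; with `cache-time 15` the ASA refreshes its cached CRL within 15 minutes, and a short cache window is worth the extra CRL fetches for exactly this scenario. To bind the certificate to the machine rather than the user, issue it into the Windows machine store (TPM-backed where the hardware allows) and set the AnyConnect client profile's certificate store to Machine so that the user cannot copy the key to another host. The registry and file checks the reply mentions are the Hostscan/Dynamic Access Policy layer on the ASA; those endpoint attributes are configured in ASDM rather than the CLI, so they are not shown here.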
