Session 2: Network Access Control Flashcards
What is Network Access Control?
Network access control, also called network admission control, is a method to bolster the security, visibility and access management of a proprietary network. It restricts the availability of network resources to endpoint devices and users that comply with a defined security policy.
One major difference between NAC mechanisms and 802.1X access control is that NAC requires the placement of one or more agents.
What is a potential weak point of NAC?
The trustworthiness of the agents. A compromised endpoint will try to appear like it is in compliance with security policies.
What is TNC (Trusted Network Connect)?
An open architecture for NAC. Hierarchical set of attestations based on layering of trust.
Aims to fix the problem of rogue endpoints appearing like they are in compliance with security policies.
ETSI M2M
Name the Service Capability Layers (SCL) from ETSI M2M.
Network SCL -> Gateway SCL -> Device SCL
Legacy devices can be connected to IoT through Gateway SCL systems.
CoAP: What security implementation settings does CoAP have?
No security, pre-shared keys, raw public key, X.509 key certificates.
What is faster: Preshared Key DTLS or Public Key Mutual Authentication?
Preshared Key DTLS is about one order of magnitude faster than PKMA. Useful for LoWPAN and low-energy BLE.