How to incorporate TPM (Trusted Platform Module)

Matthew Ratliff — Tue, 26 Mar 2019 00:42:00 GMT

Have any of you ever used TPM to secure a VPN connection into a corporate network? I'm interested in doing two factor authentication. Ideally, only laptops that I authorize will have access to the VPN tunnel. If the laptop were to be lost or stolen I'd like to have the ability to disallow its connection by revoking a cert for example. What are your thoughts on this and what steps have you taken to get this implemented? The firewall is an ASA5510. Thanks!

Re: How to incorporate TPM (Trusted Platform Module)

didyap — Wed, 04 Feb 2009 19:53:55 GMT

There is a difference between trusting a user (after passing strong user authentication) and trusting that user's computer. While the former has traditionally been emphasized, only recently has the latter been given sufficient attention (see Trusted Platform Module - TPM). As discussed earlier, a Trojan-laden computer defeats strong user authentication. But a â€œcompany computerâ€, which is typically supported and managed according to corporate security policies, typically deserves more trust than a â€œnon-company computerâ€. A secure SSL VPN infrastructure should allow you to verify a remote host's identity by checking on predefined end device parameters. Examples include registry entries, special files in a specified location, or digital certificates (as a form of device authentication). The host identity information can be used to make your access permission decisions.

topic How to incorporate TPM (Trusted Platform Module) in Network Security

How to incorporate TPM (Trusted Platform Module)

Re: How to incorporate TPM (Trusted Platform Module)