Microsoft, Cisco work on security cooperation

By Eileen Kennedy, News Writer 24 Aug 2006 | SearchWinIT.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Executives from Microsoft and Cisco will demonstrate at a security conference in Boston next month how Microsoft's Network Access Protection (NAP) policy enforcement and Cisco's Network Admission Control (NAC) will work together to protect networks from unauthorized or infected users, said those familiar with each company's plan.

This is a big step forward for a partnership struck between Cisco and Microsoft in October 2004. Cisco had already developed products based on NAC. Microsoft said in July 2004 it was developing NAP. Cisco is already shipping its products. NAP requires Microsoft's next-generation desktop OS Vista and server OS code-named Longhorn to work.

"We have clients who are begging to get NAC in place, but they stumble around issues involving [vendor] roadmaps," said Robert Whiteley, an analyst at Forrester Research Inc. in Cambridge, Mass. "Who will be the main policy server? Who will be the main enforcement mechanism? Will the vendors play nicely together?"

Now, IT managers can make local decisions. "You may choose to go with all Microsoft because [a particular installation] doesn't warrant a Cisco investment," Whiteley said.

As it turns out, there will be a single agent in Vista that can be a NAP or NAC client, according to one expert who asked not to be identified. Microsoft will have update support for both agents, the expert said.

NAC products use a software agent that gathers information in Cisco's RADIUS server and sends it to Cisco's Secure Access Control Server, or ACS. The Cisco Secure ACS checks with third-party policy servers to see if the devices comply with security parameters and enforces network security policies when necessary.

Microsoft's NAP technology works through software agents as well, but the data is passed to Microsoft's Network Policy Server, which checks with a third-party server to ensure policy compliance.

Microsoft has said that NAP could be used only with its Longhorn server, which won't ship until late 2007. It can also run on Microsoft's XP SP2 as long as each device in the network receives a NAP update.

There is also a third technology being developed by a nonprofit industry group called the Trusted Computing Group. The group's proposed technology supports both Microsoft's and Cisco's technology but is based on more open standards.

Cisco and Microsoft have been running tests of the combined technology, said John Pescatore, a security analyst with the Gartner Inc., based in Stamford, Conn.

"They have made a lot of progress in a fairly short amount of time," Pescatore said. "After almost two years of badgering them, they have convinced me that the difficulties that lie ahead are mostly technical in nature, not political."

Pescatore said he has seen a beta of the combined technology operating on a live network, and it did what officials said it would do -- protect the network from unauthorized or potentially insecure or infected access from client machines. "It is simplistic, but it answers a lot of the questions about how the technologies will work together," he said.

Tags: Network Access Control Basics,  Windows Security: Alerts, Updates and Best Practices,  Security Industry Market Trends, Predictions and Forecasts,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Access Control Basics Security vendors can learn from ConSentry Networks demise Best Network Access Control Products Perimeter defense in the era of the perimeterless network Network access control technology: Over-hyped or underused? Symantec offers endpoint protection management, monitoring services Configuring access control lists What is the difference between a VPN and remote control? Quiz: Endpoint security on a budget Opinion: Gartner gets NAC wrong, again What security software should be installed on Internet café computers? Windows Security: Alerts, Updates and Best Practices Microsoft to address flaws in Windows, Office for Mac Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Microsoft issues SMB vulnerability advisory, patch pending Attackers target Microsoft IIS; new SMB flaw discovered Microsoft repairs Windows media, TCP/IP vulnerabilities Microsoft five critical updates won't include IIS Security Industry Market Trends, Predictions and Forecasts M86 buys Web security gateway vendor Finjan Information Security Decisions 2009: Presentation downloads Bruce Schneier on outsourcing, awareness training Marcus Ranum on cyberwarfare, infosec careers McAfee survey finds faults in midmarket enterprise security Email archiving vendor sues Gartner over Magic Quadrant Information Security magazine October issue PDF Editor's Desk: Security 7 Winners Chronicle Trends That Shape The Industry Information Security magazine Security 7 Award winners Security Squad: Privacy gone awry Security Industry Market Trends, Predictions and Forecasts Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Kerberos  (SearchSecurity.com) masquerade  (SearchSecurity.com) phreak  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary