Microsoft, Cisco work on security cooperation

By Eileen Kennedy, News Writer 24 Aug 2006 | SearchWinIT.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Executives from Microsoft and Cisco will demonstrate at a security conference in Boston next month how Microsoft's Network Access Protection (NAP) policy enforcement and Cisco's Network Admission Control (NAC) will work together to protect networks from unauthorized or infected users, said those familiar with each company's plan.

This is a big step forward for a partnership struck between Cisco and Microsoft in October 2004. Cisco had already developed products based on NAC. Microsoft said in July 2004 it was developing NAP. Cisco is already shipping its products. NAP requires Microsoft's next-generation desktop OS Vista and server OS code-named Longhorn to work.

"We have clients who are begging to get NAC in place, but they stumble around issues involving [vendor] roadmaps," said Robert Whiteley, an analyst at Forrester Research Inc. in Cambridge, Mass. "Who will be the main policy server? Who will be the main enforcement mechanism? Will the vendors play nicely together?"

Now, IT managers can make local decisions. "You may choose to go with all Microsoft because [a particular installation] doesn't warrant a Cisco investment," Whiteley said.

As it turns out, there will be a single agent in Vista that can be a NAP or NAC client, according to one expert who asked not to be identified. Microsoft will have update support for both agents, the expert said.

NAC products use a software agent that gathers information in Cisco's RADIUS server and sends it to Cisco's Secure Access Control Server, or ACS. The Cisco Secure ACS checks with third-party policy servers to see if the devices comply with security parameters and enforces network security policies when necessary.

Microsoft's NAP technology works through software agents as well, but the data is passed to Microsoft's Network Policy Server, which checks with a third-party server to ensure policy compliance.

Microsoft has said that NAP could be used only with its Longhorn server, which won't ship until late 2007. It can also run on Microsoft's XP SP2 as long as each device in the network receives a NAP update.

There is also a third technology being developed by a nonprofit industry group called the Trusted Computing Group. The group's proposed technology supports both Microsoft's and Cisco's technology but is based on more open standards.

Cisco and Microsoft have been running tests of the combined technology, said John Pescatore, a security analyst with the Gartner Inc., based in Stamford, Conn.

"They have made a lot of progress in a fairly short amount of time," Pescatore said. "After almost two years of badgering them, they have convinced me that the difficulties that lie ahead are mostly technical in nature, not political."

Pescatore said he has seen a beta of the combined technology operating on a live network, and it did what officials said it would do -- protect the network from unauthorized or potentially insecure or infected access from client machines. "It is simplistic, but it answers a lot of the questions about how the technologies will work together," he said.

Tags: Network Access Control Basics,  Windows Security: Alerts, Updates and Best Practices,  Security Industry Market Trends, Predictions and Forecasts,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Access Control Basics Symantec offers endpoint protection management, monitoring services Configuring access control lists What is the difference between a VPN and remote control? Quiz: Endpoint security on a budget Opinion: Gartner gets NAC wrong, again What security software should be installed on Internet café computers? What are the best network security books? Should the government reduce its external Internet connections? Trustwave acquires NAC appliance vendor Mirage Networks Product Review: Rohati TNS 100 Windows Security: Alerts, Updates and Best Practices New attack code targets Microsoft ActiveX zero-day vulnerability When BIOS updates become malware attacks Microsoft patches WebDAV security vulnerability in bevy of updates Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Hackers targeting unpatched Microsoft DirectShow flaw Microsoft warns of IIS zero-day vulnerability Microsoft updates Office to address serious PowerPoint vulnerabilities Microsoft to patch critical PowerPoint zero-day flaw How to perform Microsoft Baseline Security Analyzer (MBSA) scans Microsoft patches serious Excel zero-day, Windows flaws Security Industry Market Trends, Predictions and Forecasts Cybersecurity czar candidate questions clout of new position Gartner sees better days ahead for security budgets Sophos CEO on Symantec, McAfee after Utimaco acquisition WH cybersecurity plan needs private sector guidance Obama announces creation of cybersecurity coordinator position Security budgets take hit in media, tech industry, survey finds Cybersecurity Act of 2009: Power grab, or necessary step? Opinion: Gartner gets NAC wrong, again Cloud computing security group releases report outlining trouble areas White House cybersecurity advisor calls for public-private cooperation Security Industry Market Trends, Predictions and Forecasts Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Kerberos  (SearchSecurity.com) masquerade  (SearchSecurity.com) phreak  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary