Cisco Takes Aim At LAN Security - InformationWeek

10/21/2005
01:45 PM

Cisco Takes Aim At LAN Security

Vendor expands its network-access control initiative to include local area network switches.

Cisco Systems is expanding its network-security initiative from wide area network access points to the switches and wireless devices used in local area networks.

Network administrators scorched by increasingly virulent malware attacks welcome the expansion of Cisco's network-admission-control strategy. But companies that already have begun to introduce these strategies from other vendors, or that don't relish the thought of upgrading portions of their diverse networking environment to comply with Cisco's requirements, might not be as happy.

Cisco in November will target its strategy at layer 2 of the network, where switches pass information inside the LAN, by offering network-admission-control support for its Catalyst switches, including the 6500, 4900, 4500, 3700, 3500, and 2900 series, as well as its wireless access points and controller platforms.

Cisco created its strategy in 2003 to address the difficulty companies have fighting the viruses, worms, and other malware that attack their networks and the systems that connect over the networks. Cisco figured the best way to do this was to get greater control over access points into the network to make sure each device connecting in is clean. The first fruits of Cisco's labor appeared in June 2004, when the company introduced routers and firewalls that complied with its network-admission-control strategy to identify security threats at the WAN level.

Risk Assessment
To become a part of a compliant environment, devices had to run Cisco Trusted Agent software so that information about those devices could be collected and evaluated for risk assessment. Devices unable to run Cisco Trusted Agent were out of luck. Cisco will remedy this next month by letting "agentless" devices such as printers, guest laptops, and PDAs have their security risk evaluated by third-party software from Altiris, Qualys, and Symantec. This software will then share its security-audit information with the Cisco network, which will make admission decisions.


39% of 653 businesses surveyed are implementing network-quarantine technology this year

Cisco's support for 802.1X port-level authentication, which allows devices to authenticate to a network regardless of where they're plugged in, is a welcome sign for Aurora Health Care, a not-for-profit health-care network with 14 hospitals, 150 clinics, and more than 200 pharmacies. Aurora uses Cisco routers, load balancers, and VPN concentrators, but its network consists of Enterasys Networks switches and intrusion-defense systems, Juniper Networks firewalls and SSL VPNs, and IronPort Systems E-mail security.

"So many networks are built over time, so there's no silver bullet," says Dan Lukas, lead security architect. Cisco's earlier NAC strategy hasn't been as effective for companies that use network equipment from a variety of vendors, Lukas adds. "We don't have Cisco everywhere, and I can't just swap out everything."

Making It Work
The success of Cisco's strategy depends on whether companies are willing to implement Cisco Trusted Agent or third-party assessment software, upgrade LAN equipment, and assess how they build and enforce access policies, says Forrester Research analyst Robert Whiteley. From a competitive standpoint, Cisco isn't the first vendor to offer network-admission-control protection at the LAN level. Alcatel and Enterasys already are doing essentially the same thing, although this shouldn't affect Cisco's entry into the market because the company is such a force in the networking world, he adds.

Lots To Do
But there's still a lot of work for companies to do before devices and protocols that comply with network-admission control can be implemented on layer 2, including upgrading switches that are more than three years old.

Companies with a basic network layout should look at standalone access-control appliances from Caymas Systems Inc. or network-quarantine appliances from Vernier Networks Inc., while companies with more complex networks should look to server- or switch-based systems from vendors including Sygate, which Symantec acquired earlier this month, and Cisco, according to a June Forrester report Whiteley authored on network-quarantine technology.

Of 653 technology decision-makers Forrester interviewed, 39% are implementing network-quarantine technology this year, the report says. "That's pretty good considering how many moving parts this technology has," Whiteley says. The reason for this adoption stems from the need to head off security problems by ensuring that infected end-points don't connect to the network. "NAC helps you keep the bad guys off your network," he says.

None of the vendors is likely to make a big splash this year. It'll be the middle to the end of 2006 before companies have network admission control up and running within the switch environment, Whiteley says. He adds: "2006 will be the major year of getting your infrastructure up to date and defining your networking policies."
