Cisco And Microsoft Promise More Secure Networks ... Next Year

After two years of working together, the vendors say it will take another year before their integrated network security products are available.



Effective security isn't easy and building it into key systems and software takes time--more time than many businesses can afford to wait. Two years ago, Cisco Systems and Microsoft promised to work together on a better way to protect networks and computers from growing security threats. The vendors last week revealed the first details of how they plan to accomplish that goal by the time they finish rolling out the necessary technology in the latter half of next year.

The goal is to get Cisco's Network Admission Control, or NAC, technology to work with the Microsoft Network Access Protection, or NAP, capabilities available in the upcoming Windows Vista and Longhorn operating systems, in order to prevent malware-infested computers from connecting to networks.

The result should be a breakthrough in integrated IT security when the package arrives in the second half of next year, the target date for Longhorn's release. But the need for network access control won't wait, so businesses will have to continue to use technology available in some of Cisco's and other security vendors' products.

Combined NAP and NAC consists of several client-side software apps that check and communicate the health of laptops, desktops, and other devices attempting to connect to a network. The process begins when a client running Vista attempts to authenticate to the network by sending a "statement of health" to a Cisco Secure Access Control Server via a switch or router. System-health agent software is available from Microsoft, as well as third-party vendors, including Altiris, McAfee, and Symantec.

Once the Access Control Server receives the authentication and admission request, it communicates with the Microsoft Network Policy Server, which in turn connects to a health-registration authority server or policy server to determine whether the client should get access, and then passes that decision back to the Access Control Server.

Legal Hurdles
Cisco and Microsoft have said little until now about how their technologies will work together. "We wanted to be sure this worked first," says Mark Ashida, general manager of Microsoft Enterprise Networking. The biggest challenges were corporate rather than technological. "We're governed by who owns what intellectual property," Ashida says. Adds Bob Gleichauf, CTO of Cisco's Security Technology Group, "We had to get our respective legal teams together to work out the cross-licensing."

Cisco's and Microsoft's work in this area won't be a big deal to most companies until they're running Vista and Longhorn. But they shouldn't wait, Gartner VP John Pescatore says. "If you're not going to Vista by 2008, you should be looking for appliances and other technologies that offer [access control] and asking those vendors how they plan to fit into Microsoft and Cisco's plans," he says.

Astrium North America can't wait. The unit of EADS Space Transportation knew that even with more time, Microsoft and Cisco couldn't handle all the Windows, Linux, Mac, and Unix clients attempting to connect to its networks. Astrium, which works on projects classified under State Department arms-trafficking regulations, is preparing to roll out a NAC appliance from Lockdown Networks, says George Owoc, director of business administration. "I'm a big Cisco fan," he says, but "I don't see anything that Microsoft and Cisco will provide that I can't get through Lockdown."

Security Over Time

OCTOBER 2004

Cisco and Microsoft announce plans to integrate their respective Network Admission Control and Network Access Protection technologies

FEBRUARY 2006

Bill Gates demos NAP in his RSA Security conference keynote address

JUNE 2006

Researcher finds a vulnerability that could let attackers gain administrative access to Cisco Secure ACS servers, a key NAC component

JULY 2006

Cisco buys Meetinghouse Data Communications for $43.7 million to bolster its support of 802.1x, another key NAC technology

SEPTEMBER 2006

Cisco and Microsoft deliver details of how their NAC and NAP technologies will work together

SECOND HALF 2007

NAC and NAP products will be available from Cisco and Microsoft

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2021 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service