Cisco, Microsoft Reveal Long-Awaited Network Access Control Plans - InformationWeek

The result should be a breakthrough in integrated IT security when the whole package arrives in the second half of next year.

Cisco and Microsoft today released closely held details about their two-year-old partnership to deliver integrated controls that prevent malware-infested computers from connecting into networks. Cisco's Network Admission Control, or NAC, technology will work with the Microsoft Network Access Protection, or NAP, capabilities available with the upcoming Windows Vista and Longhorn operating systems.

The result should be a breakthrough in integrated IT security when the whole package arrives in the second half of next year, the target date for Longhorn's release. But the need for network access control won't wait that long, so businesses will have to continue to control network access using technology already available in some of Cisco's products and through other security vendors.

By year's end, Cisco and Microsoft will offer a limited beta program--with no more than three mutual customers--to gain a more realistic understanding of how their access control technologies will work together.

As these beta testers will soon find out, combined network access protection and network access control consists of several client-side software applications that check and communicate the health of laptops, desktops, and other devices attempting to connect into a given network.

On the network side, Cisco routers and switches, Cisco Secure Access Control Server, Microsoft Network Policy Server, and policy servers from other vendors work together to give the thumbs up or thumbs down to any device seeking to connect. Access control systems must be able to detect connecting devices, authenticate the people using them, determine if a connecting device has the appropriate anti-virus protection and software patches, and quarantine and update systems that don't make the grade. Microsoft and Cisco appear to have these bases covered.

Apart from some comments at this year's RSA Security show in February, when Bill Gates broached the topic of NAP and NAC integration, Cisco and Microsoft have said very little over the past two years about how their technologies will work together. "We wanted to be sure this worked," says Mark Ashida, general manager of Microsoft Enterprise Networking.

The biggest challenges were corporate rather than technological. "We're governed by who owns what intellectual property," Ashida says. Adds Bob Gleichauf, Cisco's CTO for its Security Technology Group, "We had to get our respective legal teams together to work out the cross-licensing."

Cisco and Microsoft have cross-licensed the Cisco NAC and Microsoft NAP protocols used to communicate information between clients and networks to help ensure their products continue to work together. The companies also decided that Microsoft NAP client APIs will serve as the only client interface, which makes it easier for third-party software developers to write their own health-agent and health-enforcement software to work in integrated NAC-NAP environments.

Under the joint Cisco-Microsoft vision, the access control process begins when a client running Vista attempts to authenticate to the network by sending a "statement of health," which includes information from so-called system-health agent software, to a Cisco Secure Access Control Server, or ACS, via a switch or router. System-health agent software is available from Microsoft as well as third-party vendors including Altiris, McAfee, and Symantec.

This statement of health travels to the ACS using one of two methods, either Extensible Authentication Protocol over User Datagram Protocol or EAP Flexible Authentication via Secure Tunneling, also known as EAP-FAST. Once the ACS receives the authentication and admission request, it communicates via host credentials authorization protocol to the Microsoft Network Policy Server, or NPS. The NPS, in turn, connects to a health-registration authority server or policy server to determine whether the client should be given access, and then passes that decision back to the ACS.

A Forrester Research study of 149 technology decision makers at North American companies found that while more than one-third plan to adopt some type of network access control this year, the rest cite cost and manageability as obstacles to deployment.

Cisco and Microsoft have done solid work in making access control much easier by letting their technologies communicate with each other, but this won't be a big deal to most businesses until they have Vista on their PCs and Longhorn on their servers.

There's a real urgency for companies to better protect their networks when remote employees, contractors, and business partners connect. Don't wait for Microsoft and Cisco, says Gartner VP John Pescatore, adding, "If you're not going to Vista by 2008, you should be looking for appliances and other technologies that offer [access control] and asking those vendors how they plan to fit into Microsoft and Cisco's plans."
