Cisco fills in security roadmap and promises standards

Published: Monday 21 June, 2004

Cisco is to announce this week new features in its routers that it promises will be a major step towards the ‘self-defending network’, plus a roadmap towards industry security standards.

Key among the announcements are the first fruits of a collaboration between Cisco and various antivirus specialists – Network Associates, Trend Micro and Symantec – announced earlier this year. This has resulted in the Network Admission Control (NAC) architecture, which allows Cisco's networking products to communicate with these antivirus products. Devices running NAC technology – in the form of Cisco Trusted Agents – will allow network access only to compliant and trusted PCs or mobile devices. NAC can also restrict access of non-compliant equipment, for instance if a device does not have up-to-date virus protection or patches.

This technology will be embedded, initially, in Cisco’s edge routers, for linking corporate networks to the internet; it will then be extended to the Catalyst 2900 to 6500 switch families, protecting in-building networks, and to the VPN 3000 product for remote access. Extending security to these network elements helps Cisco fulfill its vision of protecting the entire network by including as much security technology as possible throughout the network, so that the network itself can detect and defend against malicious attacks.

Eventually, all Cisco routers and switches will be able to check devices connecting to them for problems, and Cisco plans to open the program to other antivirus vendors. Part of Cisco’s Phase II plan for NAC will include proposing its authentication technology as a standard to the IETF (Internet Engineering Task Force) this August.

Rethink thoughts for Users: However, while the roadmap is impressive – and hard for any networking rival to match, because no other has Cisco’s penetration in end-to-end systems – roll-out is too slow for critics. The most critical phase of NAC is LAN switch support, and that is not due for another nine months or so. And, while Cisco is accused of not meeting users’ needs in the short term, it is also criticized for moving hesitantly towards standards for securing LANs and WANs – something it is uniquely placed to influence.

Rethink thoughts for Competitors: Some other networking vendors are taking a similar approach to security – for instance, Enterasys has embedded functions such as IDS and antivirus into its products. But of course, in promising a self-defending network, Cisco has the advantage that many companies have implemented its gear from end to end, which is rarely true of its rivals. This fact makes standards even more important, since otherwise smaller companies run the risk of being excluded from Cisco-dominated sites by lack of integrated security capabilities. But as usual in networking, the standards agenda will be set and driven by Cisco, and the smaller companies will need to play along.

Rethink thoughts for Partners: Additional plans include opening the Trust Agent API to any vendor interested in writing software that works with NAC, on the client or server side. This would let vendors in the client software, server software and network equipment areas create products that work in a NAC infrastructure.

rethinkresearch.biz
Willie Trombone .... o8-)