So Microsoft security comes out on top in this heated battle for network access control, security guru Joel Snyder says. But
this does make sense, since one of the main goals of NAC is to enforce security policy (and even remediation) on the clients and who better to control the clients than the company that owns most of them. But Microsoft "winning" seems like a win for everyone, since winning in this case really means interopability. From there, you can layer whatever technology you want on top, to perform any access control you need done for just about any client. It's just a little scary to think that Microsoft security is leading the charge here, given the reputation of the company and its security (though the comapny is the acknowledged workplace of many brilliant security folks). However in this case, makes sense. Here's a notable quote from this chat. (Click here for the whole transcript.)
"People seem to be willing to let Microsoft take a leading role in NAC. ... the key is that the desktop is EVERYTHING and Microsoft is making the right noises about standards and openness and making things work in the big picture. So we have already seen Microsoft and the Trusted Computing Group (TCG) get together, and I think it's only a matter of time before we also see the other vendors like Cisco at least have a good accommodation of the Microsoft Network Access Protection (NAP) framework."
"The NAP client is just a base. You don't just do everything that Microsoft says, right? They provide a great base and you build on top of that to meet your needs. If you're a small site, you stick with them. but if you have Symantec, then you layer their SEP11 on top of that using the NAP SHA/SHV. If you have McAfee, same deal. Sophos, same deal. We tested Avenda and Blue Ridge as well in the labs, all sitting on top of NAP. The reason you START with Microsoft is that they know more about their own O/S than anyone else, so that is going to maximize the ability to interoperate. And then you take your preferred end-point security partner and put it on top using the SHA/SHV model. It is totally clean and totally extensible."
Go to the Microsoft Subnet home page for more news, blogs, podcasts.
More Microsoft Subnet blog posts:
Yahoo shareholders angry over failed Microhoo
Microsoft scores NBC videos for Zune
Microsoft security report not that intelligent, Schiffman says
IBM takes on SharePoint with Quickr
Massive SQL-injection attack not Microsoft's fault, security official saysPlus, check out Microsoft Subnet's expert bloggers:
Mitchell Ashley's Converging on Microsoft blog
Mitchell Ashley's Converging on Microsoft podcast
Tyson Kopczynski: Hidden Microsoft
Kerrie Meyler: Managing Microsoft
Ron Barrett: A Better Windows World
Glenn Weadock: Windows Server 2008
Alex Lewis: Windows into Silicon Valley
Brian Egler: SQL Server Strategies
Scot Hillier: SharePoint Developer
More Microsoft Subnet bloggersSign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)
The Microsoft Subnet blog is the official blog of the Network World's Microsoft Subnet community, managed by editor Julie Bort. Microsoft Subnet is the independent voice of Microsoft customers and is your gateway to daily Microsoft news, blogs, opinion, books, prize giveaways and more. Visit the Microsoft Subnet index page daily, and while you are there, subscribe to the Microsoft newsletter. The newsletter includes news generated by the Microsoft Subnet community as well as other Microsoft news stories published by Network World.
|
|
That quote is exactly right.
That quote is exactly right. The reason for establishing good NAC and then building your network on top is to start with a stable base and ensure a minimum level of effective security. Even before the endusers and workstations this starts with securing your database against attacks by following best security practices when coding. It's important to remember security at every level.
------------------------------------------------------
Fred Reckling
http://www.microsoft.com/hellosecureworld7