- Is the Cisco MARS mission going to abort?
- First iPhone worm spreads Rick Astley wallpaper
- 10 stunning 3D buildings made with Google SketchUp
- Open source software ready for big business
- Four reasons to buy (and one reason to avoid) the Droid
Cloud Security|Cloud computing offers advantages over building and maintaining private data centers including flexibility, reduced maintenance and operations costs and the ability to employ lower powered, lower priced personal computers.
Juniper has announced it is rolling out capabilities to check whether remote machines meet corporate security policies before allowing them SSL remote access to networks.
Many VPN and SSL remote access vendors do this and call it host checking or endpoint security. An agent on the remote machine reports back to a gateway a list of pertinent data about its configuration and this is compared with a database of policies that must be met. If the machine meets them, it gains access.
If not, it can be blocked or referred to a server where it can get what it needs to comply.
Juniper's Endpoint Defense Initiative (JEDI) will do this, but it also includes a feature on its SSL remote access gateway that pushes any missing software to the remote machine. If a computer lacks updated virus signatures, the gateway can push them. If it lacks a personal firewall, it can push one.
The limitation here is that JEDI requires the cooperation of other vendors who make firewall, anti-virus or malware detection software. They must write versions of their products that Juniper gateways can store and send, and so far the company has a list of six other vendors that are cooperating. Five are writing special versions of their software, and the sixth, Microsoft, is sharing information with Juniper so it can make Juniper software compatible with Microsoft's new Internet Connection personal firewall.
Separately, Microsoft is introducing its own limited version of this in its Network Access Protection (NAP) plan. The company will provide a NAP server as part of Windows 2003 Server that can refer to directories or other devices to check whether policies are met. Microsoft will also include a feature in Windows XP that reports to the NAP server the security health of host machines.
Microsoft has a long list of partners that promise to support NAP, one of them being Juniper.
NAP and JEDI seem to overlap, but such overlap will become the norm when NAP is released sometime next year. Juniper says its SSL gateways can become enforcement points in networks using NAP as a mechanism to check remote machines. Or customers can use JEDI to perform the same function.
Similarly, other NAP partners say their independent security schemes can function on their own or with Microsoft's gear as a unifying component.
Tim Greene is senior editor at Network World.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment