Cisco, Microsoft to air net access plans

Microsoft’s Bill Gates and Cisco’s John Chambers next week are expected to kick off the annual RSA Conference in San Jose by sharing new details about their companies’ network-access control strategies.

In addition, Microsoft, along with dozens of security vendors, plans to unveil the Web portal for a new group called the SecureIT Alliance, which Microsoft began organizing in October. Members vow to work with each other to make their offerings more effective in fighting security threats, particularly in Windows environments.

The hottest topic for SecureIT Alliance members is Microsoft’s Network Access Protection (NAP) technology, which is part of Microsoft’s Vista desktop software, now in beta. At the conference, Microsoft is expected to ballyhoo vendor support for NAP.

Vista, expected to ship at year-end, would provide a way, via NAP, to ensure that companies enforce security policies for anti-virus updates, patches or VPN use before they’re allowed network access.

Cisco has a similar network-access control strategy called Network Admission Control (NAC) that’s further along in development, with client software that works to enforce policies through Cisco switches and routers.

The theme of the RSA Conference this year can be summed up as “network-access control,” says Gartner analyst John Pescatore, who notes that in addition to NAC and NAP, there’s Juniper’s Endpoint Defense Initiative and other technologies.

Proprietary technologies such as NAC and NAP will be discussed, but so will a standards-based alternative, Trusted Network Connect, which was developed as an open specification by the Trusted Computing Group. The group is scheduled to show how the technology works at its booth on Feb. 13 during a workshop.

In addition, Symantec will host a roundtable discussion with Craig Schumard, chief information security officer at Cigna, and Todd Krahenbuhl, network engineer in the information technology services division of Pacific Northwest National Labs, among others.

One panel session, “Securing the Endpoint: Deciding Among Different Strategies,” will include Frank Watts, senior architect at JP Morgan Chase, and representatives from Helios Cynax, Microsoft and 3Com’s TippingPoint.

As to where Microsoft and Cisco are headed with their network-access control methodologies, expect to hear the two vendors reaffirm that they are making their technologies compatible, as they promised to do over a year ago, Pescatore says.

“Cisco and Microsoft are in joint development to ensure the Vista workstation will support Cisco’s NAC,” he says.

Microsoft also is expected to indicate it will add at least some elements of NAP functionality to XP, Windows 2003 Release 2 and Windows 2004 Release 4 around the time it ships Vista. Microsoft has promised NAP support on the server side with its Longhorn release, software whose shipping date has slipped, most likely to 2008.

Adding at least some NAP endpoint security to existing products will allow Microsoft customers to make use of network-access control sooner rather than later.

SecureIT Alliance members say they joined the group because it is where Microsoft, which approves their free membership, shares information under non-disclosure about its security architecture plans.

“It’s hard to argue with the biggest gorilla in town,” notes Eli Kalil, vice president of business development at Ingrian Networks, which makes products for encrypting sensitive financial information. “It’s their way or the highway. You give them a lot more information than they give you,” he says about joining the alliance.

Nonetheless, Kalil says the Web portal, set to be unveiled on the day of Gates’ keynote, is a tremendous opportunity to keep up with Microsoft and engage in discussions with other members, which number at least 50.

A portion of the Web portal will be open to the public, allowing security vendors to market their products. However, showcasing products via the portal that are based on Unix or Linux isn’t allowed under Microsoft’s Web site policy, says Chris Wilburn, RSA Security’s development manager.

“The SecureIT Alliance initially is about getting information about Microsoft programs and getting code,” says Kevin Auger, director of security-solutions marketing at LANDesk, another member.

SecureWave makes Sanctuary, software designed to thwart malicious code and attacks by preventing unauthorized applications from running on Windows desktops and servers. The company, which backs Microsoft’s NAP technology, has found the alliance a valuable forum for learning about Microsoft’s security model for XP Embedded.

“XP is an operating system for use in thin clients, point-of-sale terminals, [automated teller] machines and smart-phones,” says Dennis Scerscen, vice president of marketing at SecureWave.