Cisco teams with IBM on infrastructure security

A collaboration between Cisco and IBM on security could make it easier for customers to authenticate IBM-based laptop and PC clients on Cisco-based LAN and remote-access infrastructures.

The joint Cisco/IBM effort, announced this week, will integrate security management products such as IBM Tivoli’s Identity Manager with Cisco’s Access Control Server (ACS) and make IBM laptops with embedded security chips work more seamlessly with Cisco VPN gear. Cisco says this integration could let security managers set up and manage end users more securely while reducing configuration hassles.

Starting in March, Cisco’s ACS – a RADIUS-based authentication server – will be able to share end-user account data with IBM Tivoli Identity Manager, a platform for user account auditing, policy creation and single sign-on. This could let customers more easily synchronize user security policies and data across Cisco’s and IBM’s respective hardware and software security platforms. (This could include Cisco routers, switches and VPN gear managed by ACS, and software applications tied to the IBM Tivoli software.)

IBM joins anti-virus vendors Network Associates, Symantec and Trend Micro as part of the Cisco Network Admission Control (NAC) program, announced last November. NAC attempts to tie anti-virus software with Cisco hardware to automatically shut out unauthorized or virus-infected users from a Cisco-based LAN or WAN.

“[NAC] is a very exciting technology,” says Edward Gotthelf, director of network architecture of UPS. He adds that updating and managing end users’ security credentials is critical in defending against worms and viruses. “But it’s got to be done in an automated fashion. To manage all that from a human perspective is impossible” in a large organization such as UPS, he says.

Gotthelf says he likes Cisco’s plan to build access control into switches and routers in conjunction with security partner software. “Building [security management] right into the network seems to make sense,” he says.

UPS uses Cisco network hardware and IBM Tivoli Identify Manager software. Gotthelf says the Atlanta company also will investigate ways to use those technologies together down the road.

Cisco also is integrating its VPN technology with IBM’s ThinkVantage security subsystems, embedded in IBM ThinkPad laptops and ThinkCenter desktops. Cisco says this could let companies with Cisco-based VPN and widely deployed ThinkPads manage remote access better while lessening the burden of installing and configuring client hardware and software.

ThinkVantage allows for a consolidated client security configuration, with single sign-on, and data encryption and encryption key management. The Cisco/IBM collaboration will let Cisco VPN equipment recognize ThinkVantage clients and allow access to a Cisco VPN with less endpoint configuration, according to the companies. Cisco’s Security Agent is a piece of software used to control network access in its NAC architecture.