Different Approaches

By Paul F. Roberts  |  Posted 2005-05-02

However, NAC, NAP and TNC take different approaches to the client security puzzle. Cisco's NAC emphasizes that company's strength as a provider of network gear, and uses Cisco routers and switches, coupled with a software client called the Cisco Trust Agent, to check and enforce security policy. The Trusted Computing Group's TNC architecture is similar to NAC but is based on open standards, and it doesn't rely on a single vendor to provide the policy decision-making or enforcement points. Microsoft's NAP, on the other hand, will use that company's strength as a maker of desktop and server operating systems, enforcing client health using NAP components built into Windows XP SP2 (Service Pack 2) and Windows Longhorn DHCP (Dynamic Host Configuration Protocol) or VPN servers.
Microsoft said in April that it will align its NAP architecture with TNC, and promised in a joint statement with Cisco in October to make NAP interoperable with Cisco's NAC.
Microsoft, which is a member of the TCG, has been working with the group since 2004 and will make sure that the next version of Windows, dubbed "Longhorn," contains interfaces or supports software plug-ins that allow data to be passed back and forth between NAP and TNC components, said Steve Anderson, director of product marketing in the Windows Server Group.
"Our intent is that when a third-party vendor writes to either one of our interfaces, Trusted Computing Group's or Microsoft's, in cases where there are different components, they will work together," he said. "We have said from the beginning that for NAP to be successful, it has to embrace heterogeneous environments," he said.
Cisco, which has the most fully evolved endpoint security architecture, supports what the TCG is doing and will read the TNC spec with interest, but the company is more focused on delivering a new set of NAC features for customers than on creating open standards for client security, said Russell Rice, director of product marketing in Cisco's Security Technology Group.
Integrating NAP and NAC is also a high priority for the company, Rice said. "There's a lot of pressure at the Ballmer and Chambers level to provide visibility and make [integration] work. Our team has taken that to heart, and there are indications that Microsoft has as well," he said. "It's not laissez faire."
That said, industry watchers note that it's been more than six months since Microsoft and Cisco announced plans to join NAC and NAP, and the companies still don't have anything to show for it. Neither Rice nor Anderson could say when the companies might release a plan for integrating NAP and NAC. Both executives said Cisco and Microsoft are trying to actually fuse the two architectures, as opposed to merely providing plug-ins that bridge the gaps between the two.
"We want to provide a fused architectural environment where there's no duplication or vendor requirement that it has to be Microsoft or Cisco," Rice said.
Microsoft's Anderson agreed. "There's good customer benefit in loosely coupled integration, but greater customer benefit in tightly coupled integration, and the latter is what we're working toward," he said.
Integration aside, even the most mature client security architecture, Cisco's NAC, isn't yet common inside midtier enterprises that are heavy users of Cisco gear, such as Sonnenschein Nath & Rosenthal, even though administrators are "champing at the bit" for client security features, Hansen said.
"Our hope is that Microsoft and Cisco get behind a common approach and break the logjam," said John Pescatore, a vice president at research outfit Gartner Inc. The companies also should get behind open standards such as TNC, even if they want to keep developing their own architectures, Pescatore said. "The best result would be for companies like Cisco to support open standards, but support NAC as well," he said.

