In November 2003, Cisco began pioneering a way of addressing network security, what we call our Network Access Control program. NACs aim is to create a common communications and control framework that multiple vendors can use to provide layered, systems-based defenses for the network and all its endpoints.
Since then, the industry has recognized the necessity of such an approach. As validation, most major IT companies are involved one way or another in NAC or NAC-like programs with a wide range of vendor partners to create multifaceted, systems-based security defenses.
Some analysts and members of the industry, however, have criticized Cisco for not developing its NAC technologies through standards bodies before launching products and programs.
Cisco can certainly appreciate such concerns for standards-based technology. The company actively supports standards, and its engineers participate in dozens of standards groups. But standards bodies move slowly, often taking years before developing viable technologies.
NACs systems-based approach to networking security, we believe, requires a new strategy for the development of standards. To secure networks, innovations must be implemented now. Hackers do not wait for standards.
To get products into customers hands as quickly as possible, someone—some vendor—has to take the initiative for creating systems-based security prototypes. Order doesnt magically appear out of chaos. Developing systems-based security requires coordinating efforts from many parts of the network, including endpoints. This is the approach Cisco is taking with the NAC program.
NAC is not turning its back on standards. Cisco said it will move every aspect of the NAC program into standards bodies by the end of next year. Already, we have submitted NAC technologies to the IETF for approval. We are working with the IETF to standardize a NAC communications technology called EAPoUDP (Extensible Authentication Protocol over User Datagram Protocol).
In addition, NAC is embracing as many standards as possible to ease NAC defenses implementation. Standards-based technologies we are employing include 802.11x, PEAP (Protected Extensible Authentication Protocol), EAP (Extensible Authentication Protocol) and RADIUS. We are also licensing NAC technology to as many vendors as possible.
Other vendors believe NAC is the way to go. The program has grown to more than 50 member companies in a little over a year and includes Computer Associates, IBM, McAfee, Symantec and Trend Micro. Open standards have made the Internet a powerful tool, but networking customers require better networking security now. NAC is proving to be an answer to their needs.
Robert Gleichauf is chief technology officer of the Security Technology Group at Cisco Systems Inc. Free Spectrum is a forum for the IT community and welcomes contributions. Send submissions to [email protected].