Hackers Dont Wait for Standards | eWeek

Hackers Dont Wait for Standards

Jun 27, 2005
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

In November 2003, Cisco began pioneering a way of addressing network security, what we call our Network Access Control program. NACs aim is to create a common communications and control framework that multiple vendors can use to provide layered, systems-based defenses for the network and all its endpoints.

Since then, the industry has recognized the necessity of such an approach. As validation, most major IT companies are involved one way or another in NAC or NAC-like programs with a wide range of vendor partners to create multifaceted, systems-based security defenses.

Some analysts and members of the industry, however, have criticized Cisco for not developing its NAC technologies through standards bodies before launching products and programs.

/zimages/4/28571.gifClick hereto read about how Ciscos NAC is leading the network security space.

Cisco can certainly appreciate such concerns for standards-based technology. The company actively supports standards, and its engineers participate in dozens of standards groups. But standards bodies move slowly, often taking years before developing viable technologies.

NACs systems-based approach to networking security, we believe, requires a new strategy for the development of standards. To secure networks, innovations must be implemented now. Hackers do not wait for standards.

To get products into customers hands as quickly as possible, someone—some vendor—has to take the initiative for creating systems-based security prototypes. Order doesnt magically appear out of chaos. Developing systems-based security requires coordinating efforts from many parts of the network, including endpoints. This is the approach Cisco is taking with the NAC program.

NAC is not turning its back on standards. Cisco said it will move every aspect of the NAC program into standards bodies by the end of next year. Already, we have submitted NAC technologies to the IETF for approval. We are working with the IETF to standardize a NAC communications technology called EAPoUDP (Extensible Authentication Protocol over User Datagram Protocol).

In addition, NAC is embracing as many standards as possible to ease NAC defenses implementation. Standards-based technologies we are employing include 802.11x, PEAP (Protected Extensible Authentication Protocol), EAP (Extensible Authentication Protocol) and RADIUS. We are also licensing NAC technology to as many vendors as possible.

Other vendors believe NAC is the way to go. The program has grown to more than 50 member companies in a little over a year and includes Computer Associates, IBM, McAfee, Symantec and Trend Micro. Open standards have made the Internet a powerful tool, but networking customers require better networking security now. NAC is proving to be an answer to their needs.

Robert Gleichauf is chief technology officer of the Security Technology Group at Cisco Systems Inc. Free Spectrum is a forum for the IT community and welcomes contributions. Send submissions to free_spectrum@ziffdavis.com.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.