Cisco Evolving Into A Security Company

ChipGuy writes "Om Malik has an opinion piece stating his opinion that Cisco Systems is slowly becoming a security company, a move which may prove problematic for traditional security vendors like Symantec. Cisco has bought its way into the market, worried about the security moves of its main rival, Juniper Networks. The company expects to make major announcements at the RSA Conference later this week. "

SSH

[cyberkahn]

And it took them how long to get SSH into the IOS? Give me a break. They are going to have to move at a lot faster pace if they want to be a security company.

Re:Kind of like

[In-Doge]

Indeed.

Re:Kind of like

[Alsee]

You're more right than you realize.

Microsoft and Cisco are both becoming "security companies" in the sense that "security" == "enforcing Trusted Computing". First I'll skim over the Windows issue, then I'll cover this new and insane threat from Cisco.

I assume we've all heard of Palladium. Well the next Windows release, Longhorn, *is* Palladium. Microsoft's own website documents that:
The Next-Generation Secure Computing Base (NGSCB) is new security technology for the Microsoft® Windows® platform. It will be included as part of an upcoming version of the Microsoft Windows operating system, code-named "Longhorn."...

"SSC" refers to the Security Support Component, a new PC hardware component...

The term "SSC" is generally interchangeable with "TPM" or trusted platform module. The TPM is a secure computing hardware module specified by the Trusted Computing Group

While Longhorn will likely technically run on a non-trusted computer, Microsoft has elswhere documented that it will go into a brain-damged cripple mode and lock you out of the full desktop graphics interface mode. Microsoft has documented that only Trusted Compliant hardwill will be "CertifiedWindowsCompatible". And we all know no PC manufacturer can afford to sell new PC's that are not CertifiedWindowsCompatible and which only run with a crippled and downgraded interface. Whebn Longhorn rolls out the simple fact is that ALL new PCs will ship with Trusted Computing compliant hardware. No major PC manufacturer can afford to do otherwise. At least one manufacturer - Samsung - has already declared that they are nor manufacturing nothing but Trusted compliant machines.

And now for Cisco. Cisco Cisco Cisco.

Some time ago Slashdot ran this story: Cisco Working to Block Viruses at the Router. Sounds wonderful, right? What the Slashdot story missed was that it does not actually have anything to do with routers blocking viruses. What it actually is is Cisco's new Network Admission Control (NAC). Anyone attempting to research exactly what Network Admission Control is and exactly how it works will find very little information available. Most Trusted Compuing projects tend to bury the fact that they are Trusted Computing based because they know it will draw anger and bad press, but Network Admission Control it a real whopper. I can back it up better with bits and peices from various sources, but this source has just enough details in one place to pin it down. The title is "Cisco, others plan to ban insecure PCs". The last few paragraphs state that it requires "new hardware" and states that it will "spur sales of PCs and devices that use trusted-computing hardware". If you read tha article it should be quite clear how it functions. Any computer which attempts to connect to the router and request a net connection must be running a Cisco Trust Agent. That Trust Agent only works on a Trusted Computing compliant computer. If you don't have a Trusted Computer then you are denied access to the net. The Trust agent then scans the operating system and software running on your computer and reports it to the router. If you are not running an approved operating system and running selected MANDATORY software then you are denied access to the net. The advertized purpose is to ensure that you have all of the latest operating system patches and that you are running an approved (mandatory) firewall and/or virus scanner. Of course it can be arbitrarily configured to make absolutely any kind of software mandatory, but the firewall and virus scanner are the ones they hype. And that where the silly Slashdot title about "Blocking viruses at the router" came from. It doesn't block viruses at the router, the router BANS computers that are not Trusted Compliant and it CAN be configured to enfor