Cisco Updates Network Security Technology

* * Beatles-Beatles writes to tell us that Cisco has announced an enhanced version of its Network Admission Control (NAC) technology. From the article: "Under its NAC initiative, Cisco is developing a range of tools that let companies permit, deny, quarantine or restrict admission to networks based on an end user's security status."

You are looking at Trusted Computing.

[tepples]

This Cisco technology is implemented in terms of Trusted Network Connect, a specification published by the Trusted Computing Group. Alsee explains how and why major residential ISPs will eventually use it to condition customers' Internet access on acceptance of Trusted Computing measures.

Re:You are looking at Trusted Computing.

I for one welcome Cisco's attempt at overlording. It can only hasten the massive peer to peer mesh networks of the future. Who will need "The Internet" of the big boys when you can route packets anywhere in the world over commodity wifi mesh networks with a few backbone links? The Internet will route around damage, including silliness like trusted networks.

Cisco needs to update more than its tech

[saskboy]

""With this, we are selling NAC on switches, routers and on just about every product we sell," Gleichauf said, adding that Cisco now has over 60 vendors participating in the NAC initiative."

Now if only their Contract website was as easy to manage as their Linksys routers. I try to log in to their website to check the account status, and they make me jump through hoops and look for hidden links. It makes me wonder if any web designer works for them.

You can't block the CEO

[ReformedExCon]

I'm just joking, of course. CEOs are typically the most informed of all employees at any given company.

But this is pretty cool. The problem, of course, is how to decide whether someone is "secure" or not without running a scan on that computer. It isn't like infected computers are going to run around flagging routers of their infected status.

I wonder how they will manage this type of security clearance system. If it works, this is one of those technologies that is right on time. If we can stop viruses from infecting whole networks by shutting infections out of the network, then they can't propagate very far at all.

be wary

Be wary of anything that will lock you into other proprietary hardware. Cisco is running scared right now with Juniper and others right on their tail, so some of this is likely to further cement Cisco into client networks.

If the FCC has anything to do with it

[tepples]

The Internet will route around damage, including silliness like trusted networks.

But can a wireless mesh route around legislators and regulators who ban the transmission of electromagnetic waves for unauthorized wireless meshes? And can it choose a within-50-percent-of-optimal route that minimizes speed-of-light latency and processing latency? And can it route across large bodies of water?

NAC sucks

We've tried to deploy NAC locally. It's hell to configure the "CTA" (i.e. magic software that runs only on Windows). It's hell to configure the switches (docs? Like they help...) It's hell to configure Cisco ACS (does Cisco even *use* that PoS?)

NAC is great in theory, but it's Windows-only, it requires extra software on Windows boxes, it requires all of your switches to be NAC aware, and it requires a NAC aware authenticator.

Can you say "not going to happen"?

If someone else comes out with something similar that can be used in the real world, like 802.1x supplicants with a bit more smarts, it will deployed so fast that Cisco's NAC will be a sad memory.

NAC: Good in theory. Cisco "gets" routers. They don't "get" network administration.

Why is this here?

[ninja_assault_kitten]

This is nothing more than an advertisement.