Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cisco to Open Source CTA

Posted by ryuzaki0 on from the all-skate-everyone-skate dept.

VE3OGG writes "Cisco, the networking Goliath, has decided to release the source code of its NAC (network admission control) client, Cisco Trust Agent (CTA) to the open source community within 'a few months.' This comes hot on the heels of Cisco announcing its plans to redevelop a new breed of network security infrastructure. 'CTA will be something that's open source. That's just logically where it should end up,' Gleichauf told InfoWorld. 'We don't want to be in the CTA business, so we're going to just open it up.'"

5 of 48 comments (clear)

  1. Re:VPN by c0l0 · · Score: 4, Informative

    The Cisco VPN Client sucks arse. There is, however, a much more comfortable and less-sucky free as in speech userspace-implementation for that kind of VPN available at http://www.unix-ag.uni-kl.de/~massar/vpnc/

    I use it to connect to customer's not having set up OpenVPN every day, and it never failed on me yet. Give it a try, you won't regret it. :-)

    --
    :%s/Open Source/Free Software/g

    YTARY!
  2. Re:ok so where is it? by Sinryc · · Score: 2, Informative

    Even the summary says it will be in a few months. Learn to read. Oh wait, this is slashdot, never mind.

    --
    Yay, I have a sig.
  3. Cisco Security Agent by c0d3r · · Score: 2, Informative

    Cisco Security Agent (which installs trust agent) is one of my favorite programs. It pops up messages when programs attempt to record keystrokes (game emulators do this), access the registry and other suspicious activities. It also tells me that the latest ie is apparently injecting code.

  4. Re:VPN by schwaang · · Score: 3, Informative

    Vpnc works great but it doesn't do certificates yet like the Cisco client.

  5. Re:And we care because by Kizeh · · Score: 2, Informative

    That's not exactly true. First, typically NAC requires the user to have valid credentials and provides some accountability -- if a PC turns out to have a virus, at least a person responsible for it can be found and contacted.
    NAC can, pretty reliably if done right, confirm that the machine in question has update services running, has an active antivirus (as opposed to just a process with the same name) and is running proper patch levels and virus definitions. This alone fixes the vast majority of security breaches at most institutions.
    If all machines are authenticated via 802.1x, and must be added to a domain by an admin and have pushed policies enabled, NAC doesn't buy you a ton. But in a university environment, for example, where the managers don't control the machines, a way to enforce a minimum compliance is very, very attractive.