Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cisco to Open Source CTA

Posted by ryuzaki0 on from the all-skate-everyone-skate dept.

VE3OGG writes "Cisco, the networking Goliath, has decided to release the source code of its NAC (network admission control) client, Cisco Trust Agent (CTA) to the open source community within 'a few months.' This comes hot on the heels of Cisco announcing its plans to redevelop a new breed of network security infrastructure. 'CTA will be something that's open source. That's just logically where it should end up,' Gleichauf told InfoWorld. 'We don't want to be in the CTA business, so we're going to just open it up.'"

17 of 48 comments (clear)

  1. ohhh yeah by User+956 · · Score: 5, Funny

    This comes hot on the heels of Cisco announcing its plans to redevelop a new breed of network security infrastructure.

    Yeah, well they've certainly got a NAC for it.

    --
    The theory of relativity doesn't work right in Arkansas.
  2. VPN by LDoggg_ · · Score: 3, Interesting

    Does this include the VPN client?

    The last linux release from cisco's site is a year old and the kernel module doesn't compile against the 2.6.19 kernel. Just to get it to compile against 2.6.18 you had to fake a config.h in your kernel source include folder.

    --

    "If they have both, tell them we use Linux. And if they have that, tell them the computers are down." -Dave Chapelle
    1. Re:VPN by c0l0 · · Score: 4, Informative

      The Cisco VPN Client sucks arse. There is, however, a much more comfortable and less-sucky free as in speech userspace-implementation for that kind of VPN available at http://www.unix-ag.uni-kl.de/~massar/vpnc/

      I use it to connect to customer's not having set up OpenVPN every day, and it never failed on me yet. Give it a try, you won't regret it. :-)

      --
      :%s/Open Source/Free Software/g

      YTARY!
    2. Re:VPN by schwaang · · Score: 3, Informative

      Vpnc works great but it doesn't do certificates yet like the Cisco client.

  3. And we care because by Watson+Ladd · · Score: 2, Interesting

    The thing about NAC's is they don't offer any real security. You can't tell the difference between a corrupted host emulating a good one and a good one. All open sourcing is is just a way to avoid leaving foo^W customers in the lurch.

    --
    Inventions have long since reached their limit, and I see no hope for further development.-- Frontinus, 1st cent. AD
    1. Re:And we care because by Kizeh · · Score: 2, Informative

      That's not exactly true. First, typically NAC requires the user to have valid credentials and provides some accountability -- if a PC turns out to have a virus, at least a person responsible for it can be found and contacted.
      NAC can, pretty reliably if done right, confirm that the machine in question has update services running, has an active antivirus (as opposed to just a process with the same name) and is running proper patch levels and virus definitions. This alone fixes the vast majority of security breaches at most institutions.
      If all machines are authenticated via 802.1x, and must be added to a domain by an admin and have pushed policies enabled, NAC doesn't buy you a ton. But in a university environment, for example, where the managers don't control the machines, a way to enforce a minimum compliance is very, very attractive.

    2. Re:And we care because by gclef · · Score: 2, Insightful

      NAC isn't really about preventive security, no matter how it's billed...it's sold as a security tool because that's the only way to get the bosses to understand that real security comes from being *organized* and consistent all the way down to the patch levels on *every* *host*. NAC doesn't fix broken machines...it does help you keep organized about what your non-broken machines look like, so that you minimize the number of broken ones.

    3. Re:And we care because by jhfry · · Score: 2, Interesting

      We care because instead of taking a once useful and arguably well made software product and tossing it in the trash... they are instead opening it up for those who are interested.

      We care because they are helping to set a precedent, one that I hope becomes the norm for tech and software companies, at end of life... open source!

      We care because one of the benefits of open source, is that a particularly well written piece of code can be adapted for a different function while retaining most of what makes it 'good'. So NAC's are worthless to you... but what about that one really powerful function Cisco wrote that finds it's way into 3 other open source products that are NOT worthless to you.

      Finally, were NAC's so bad that you would rather they just tossed the code in their recycle bin?

      --
      Sometimes the best solution is to stop wasting time looking for an easy solution.
  4. Re:ok so where is it? by Sinryc · · Score: 2, Informative

    Even the summary says it will be in a few months. Learn to read. Oh wait, this is slashdot, never mind.

    --
    Yay, I have a sig.
  5. Cisco's table scrap by Lead+Butthead · · Score: 4, Insightful

    We don't want to be in the CTA business, so we're going to just open it up.
    Translation :- "Here's something we either can't milk money out of or we're planning to discard altogether, knock yourselves out."
    --
    ELOI, ELOI, LAMA SABACHTHANI!?
    1. Re:Cisco's table scrap by jcgf · · Score: 4, Interesting

      You see the same thing over and over, "toss the free software dogs a bone and buy some publicity" the suits think. The only company actually open sourcing anything worth while is Sun and maybe IBM to some extent.

    2. Re:Cisco's table scrap by cfvgcfvg · · Score: 2, Interesting

      Yes, but the table scraps from such a huge organization is pretty big. Can you imagine if all the companies in the world gave back to the people all the technology they never intended to sell again. We'd all eat like kings.

  6. Cisco Security Agent by c0d3r · · Score: 2, Informative

    Cisco Security Agent (which installs trust agent) is one of my favorite programs. It pops up messages when programs attempt to record keystrokes (game emulators do this), access the registry and other suspicious activities. It also tells me that the latest ie is apparently injecting code.

  7. Actually the program is pretty cool... by Ho+Kooshy+Fly · · Score: 2, Interesting

    It shows you all the insane registry hacking programs do, overriding or overwriting of DLLs, in general just a lot of bad behavior you see in Windoze. It runs on every desktop where I work and will stop most trojans from installing due to stupid "Oh, lets click on virus.exe" and run it.

    Even if they're not making money off it (no clue tbqh), it probably has some cool tidbits of code...

    -Ho

  8. And a good thing, too by Scareduck · · Score: 2, Funny

    The Chicago Transit Authority needs all the help it can get.

    --

    Dog is my co-pilot.

  9. Gift horse by forand · · Score: 4, Insightful

    Do you really think that they should be giving you their hard work for free? I would love to have companies which abandon or otherwise stop supporting a product give it to the open source community instead of having it lost forever. Just because you find the product they are going to release beyond use does not mean that it is useless to us all.

  10. Clever. by Ant+P. · · Score: 2, Funny

    They're going to force all the dumbass PHBs that think obscurity=security to upgrade to whatever they replace it with.