RealTime IT News

Security, The Microsoft Way

NEW YORK -- Microsoft has every intention of working with networking giant Cisco on network access control protocols in its next version of Windows, the head of Microsoft's security technology unit said at an event here Monday.

"The notion of making sure these two technologies complement each other is a goal," said Mike Nash, corporate vice president of Microsoft's Security Technology unit. Speaking during a press briefing as part of Microsoft's Security Summit road show here, Nash said the two companies bring complementary expertise to the security challenge.

"There are certain aspects I think Cisco has around network management. There's certain expertise we have around desktop configuration management. I think together we have an opportunity to have an effective collaboration. It's fair to say we probably have more work to do to explain the details of that," Nash told internetnews.com.

Nash was responding to a question about integration between Cisco's Network Access Control (NAC) methodology, which is one part of the networking company's self-defending network strategy for customers, and Microsoft's own approach, which is called Network Access Protection (NAP).

NAC helps administrators deploy policies for the PCs, wireless clients and servers that access different parts of a network.

Cisco has explained that its NAC product helps customers allow network access only to compliant and trusted endpoint devices, such as PCs, servers, and PDAs. It helps administrators restrict the access of noncompliant devices.

Microsoft's NAP is a similar approach that helps network administrators define what a healthy PC (or client) logging into the network should look like. It would, for example, quarantine unhealthy ones, such as a PC that has its firewall turned off. The approach is one of several security initiatives Nash reviewed with Security Summit attendees during a day-long session here.

"Customers have asked us for this consistently for some time," Nash said. "Making sure they work well together is the goal."

It is unclear, however, whether Cisco plans to integrate or coordinate on a common NAC protocol in Vista, the next version of Windows, when it hits the market. A Cisco spokesperson was not immediately available to respond to a request for comment.

As reported by internetnews.com, there is a lack of a common standard in the NAC sector. This has led to a proliferation of competing technologies, including Microsoft's NAP, Cisco NAC, Trusted Network Connect (TNC) and others.

It's not like Microsoft and Cisco are fighting over their approaches. Two years ago, Microsoft and Cisco addressed a similar issue of how their network access control methodologies were developing by agreeing to integrate their own technologies for an industry standard.

At the time, they said the "coordinated approach will allow customers to integrate the embedded security capabilities of Cisco's network infrastructure with those of Microsoft's Windows, enabling them to choose components yet implement a single, coordinated solution." Currently, the industry is without one.

Nash said Microsoft plans to support info cards, as well as plug and play smart cards in Vista. Windows XP has the capability for this, he added, but the problem is that some cards on the market now are not aware of Kerberos, the standard authentication system that allows two parties to exchange private information across an otherwise open network.

When asked whether Microsoft would provide native support for RSA's two-factor identification system called SecurID, Nash said the company wants to do the right thing with tokens, but that they won't be as native as smart card support in Vista. "Smart cards map better," he said. But "we're going to work with third parties" to build support for other two-factor identification technologies that aren't natively supported.

During his keynote remarks, Nash urged attendees to look at what the company is doing right now, as well as what's coming down the pike for security improvements. "We're taking the same ideas of developing security on the clients and applying them to the network as well," he said.

Microsoft plans to release its Windows One Live security updates this year, as well as its latest ISA server. He said Microsoft's Windows Defender, which is in Beta 2, is slated to be in full release later this year.