Security, The Microsoft Way

NEW YORK — Microsoft has every intention of working with networking
giant Cisco on network access control protocols in its next version of
Windows, the head of Microsoft’s security technology unit said at an event here Monday.

“The notion of making sure these two technologies complement each other
is a goal,” said Mike Nash, corporate vice president of Microsoft’s Security
Technology unit. Speaking during a press briefing as part of Microsoft’s
Security Summit road show here, Nash said the two companies bring complementary expertise to the security challenge.

“There are certain aspects I think Cisco has around network management.
There’s certain expertise we have around desktop configuration management. I
think together we have an opportunity to have an effective collaboration.
It’s fair to say we probably have more work to do to explain the details of
that,” Nash told internetnews.com.

Nash was responding to a question about integration between Cisco’s Network Access
Control (NAC) methodology, which is one part of the networking company’s
self-defending network strategy for customers, and Microsoft’s own approach,
which is called Network Access Protection (NAP).

NAC helps administrators deploy policies for the PCs, wireless clients
and servers that access different parts of a network.

Cisco has explained that its NAC product helps customers allow network
access only to compliant and trusted endpoint devices, such as PCs, servers,
and PDAs. It helps administrators restrict the access of noncompliant
devices.

Microsoft’s NAP is a similar approach that helps network administrators
define what a healthy PC (or client) logging into the network should look
like. It would, for example, quarantine unhealthy ones, such as a PC that
has its firewall turned off. The approach is one of several security
initiatives Nash reviewed with Security Summit attendees during a day-long
session here.

“Customers have asked us for this consistently for some time,” Nash said.
“Making sure they work well together is the goal.”

But it is unclear whether Cisco plans to integrate or coordinate on a common
NAC protocol in Vista, the next version of Windows, when it hits the market.
A Cisco spokesperson was not immediately available to respond to a request
for comment.

As reported by internetnews.com, there is a lack of a common standard in the NAC
sector. This has led to a proliferation of competing technologies, including
Microsoft’s NAP, Cisco NAC, Trusted Network Connect (TNC) and others.

It’s not like Microsoft and Cisco are fighting over their approaches. Two
years ago, Microsoft and Cisco addressed a similar issue of how their
network access control methodologies were developing by agreeing to integrate
their own technologies for an industry standard.

At the time, they said the “coordinated approach will allow customers to
integrate the embedded security capabilities of Cisco’s network
infrastructure with those of Microsoft’s Windows, enabling them to choose
components yet implement a single, coordinated solution.” Currently, the
industry is without one.

Nash said Microsoft plans to support info cards, as well as plug and play
smart cards in Vista. Windows XP has the capability for this, he added, but
the problem is that some cards on the market now are not aware of Kerberos,
the standard authentication system that allows two
parties to exchange private information across an otherwise open network.

When asked about whether Microsoft would provide native support for RSA’s
two-factor identification system called SecurID, Nash said the company
wants to do the right thing with tokens, but that they won’t be as native as
smart card support in Vista. “Smart cards map better,” he said. But “we’re
going to work with third parties” to build support for other two-factor
identification technologies that aren’t natively supported.

During his keynote remarks, Nash urged attendees to look at what the
company is doing right now, as well as what’s coming down the pike for
security improvements. “We’re taking the same ideas of developing security
on the clients and applying them to the network as well,” he said.

Microsoft plans to release its Windows One Live security updates this
year, as well as its latest ISA server. He said Microsoft’s Windows
Defender, which is in Beta 2, is slated to be in full release later this year.
