On Monday, the company plans to announce new capabilities in its routers to help protect corporate networks from viruses and worms, two sources close to the company confirmed on Friday.
The release is the first phase of Network Admission Control (NAC), a collaboration program between Cisco and antivirus companies. Through this program, Cisco has developed technology with three antivirus specialists--Network Associates, Symantec and Trend Micro--that will let Cisco's networking products communicate with antivirus products.
Devices running NAC technology will allow network access only to compliant and trusted endpoint devices, like PCs and PDAs (personal digital assistants). NAC can also restrict access of noncompliant equipment. This decision can be based on information about the endpoint device, such as its current antivirus state and operating-system patch level.
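The admission decision described above, as an added example (not Cisco's code and not part of the original article): a policy function that maps an endpoint's reported antivirus state and patch level to permit, quarantine or deny. The report fields, the thresholds and the deny-on-no-report rule are assumptions made for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed policy values (assumptions, not vendor defaults).
MAX_SIGNATURE_AGE_DAYS = 7
MIN_PATCH_LEVEL = {"windows-xp": 1, "windows-2000": 4}


@dataclass
class Posture:
    """What a hypothetical endpoint agent reports when it asks to join."""
    os_name: str
    patch_level: int
    av_running: bool
    av_signature_date: Optional[date]


def admission_decision(posture: Optional[Posture], today: date) -> tuple[str, list[str]]:
    """Return (action, reasons); action is 'permit', 'quarantine' or 'deny'."""
    # An endpoint that sends no posture report cannot be judged compliant.
    if posture is None:
        return "deny", ["no posture report"]

    reasons: list[str] = []

    # Operating-system patch level, checked against the per-OS minimum.
    required = MIN_PATCH_LEVEL.get(posture.os_name)
    if required is None:
        reasons.append(f"no policy for OS {posture.os_name!r}")
    elif posture.patch_level < required:
        reasons.append(f"patch level {posture.patch_level} below required {required}")

    # Antivirus state: the scanner must be running with recent signatures.
    if not posture.av_running or posture.av_signature_date is None:
        reasons.append("antivirus not running")
    else:
        age = (today - posture.av_signature_date).days
        if age > MAX_SIGNATURE_AGE_DAYS:
            reasons.append(f"antivirus signatures {age} days old")

    # Noncompliant endpoints get restricted access rather than full access.
    return ("permit" if not reasons else "quarantine"), reasons
```
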
Cisco will initially embed the technology in its software routers, which are generally used to connect corporate networks to the Internet.
In the second phase of the program, the company plans to extend this offering to its Catalyst 2900 to Catalyst 6500 switches. These switches are often used to connect users within the same building. The technology will also enable the capability on the VPN 3000 remote access product, which provides remote connectivity to the corporate network.
Extending security to these network elements helps Cisco fulfill its vision of protecting the entire network. Eventually, all Cisco routers and switches will be checking end devices connected to them for worms and viruses. And a remote user will not be able to connect to the corporate network unless his or her device is free of viruses and worms.
For Cisco to achieve its networking vision, it has to expand this security technology throughout its product line, Yankee Group analyst Zeus Kerravala said.
"In order for the self-defending network concept to work, Cisco needs to have this technology on devices throughout the network," Kerravala said.
Cisco plans to open the collaboration program to other antivirus vendors. The company is also trying to integrate more security technology into its products. Earlier this month, it
The NAC program and Cisco's relationship with Trend Micro fall in line with Cisco's strategy on security, which is to embed as much security technology as it can throughout the network, so that the network itself can detect and defend against malicious attacks.
Cisco is not the only networking company to take this strategy. Enterasys Networks also includes similar security features on its products. Like Cisco, Enterasys has embedded intrusion detection and prevention and antivirus functionality into its networking gear. But Kerravala said that even though Enterasys might be ahead of Cisco in terms of the features it offers on individual switches and routers, it will likely continue to struggle to gain market share against Cisco.
"This message of network-based security is harder for Enterasys to sell because most customers don't have an entirely Enterasys network," he said. "Cisco has gear in almost every network, which makes this strategy easier to implement."






Just what has Cisco calculated, that might be the required resources to run these? I see us moving toward bigger faster routers, and it seems we'll use up more resource than is being advanced on.
Just asking...
This all sounds really good for 'business-computing', until I read the lines...
"Extending security to these network elements helps Cisco fulfill its vision of protecting the entire network."
And,
"In order for the self-defending network concept to work, Cisco needs to have this technology on [all] devices throughout the network,"
Which begs the questions...
- Is this simply another step towards mandatory "Trusted Computing"? (which is what it looks like to me).
After all, this action lays the ground-work for an absolutely essential component of the "Trusted Computing Architecture", where every computer MUST be able to certify that it is fully 'registered', and that it is ONLY RUNNING 'approved applications', before it is "...allowed" to access any resource (media, the Internet, networked-software, etc.).
- How long until general-ISPs (Internet Service Providers) will have to use this security method, ...to "protect their networks"?
This is a relevant question since...
"Eventually, all Cisco routers and switches will be checking end devices connected to them for worms and viruses. And a remote user will not be able to connect... ...unless his or her device is free of viruses and worms" [in other words... certified as "trusted"].
Frankly, in the opinion of most analysts, this "Trusted-computer" method of completely 'locking-down' computer-use, in order to insure "...security", opens all sorts of opportunities for abusive-control by third-parties. And, all in all, this seems to 'fall into place' awfully well with the ongoing (though, publicly opposed) authoritarian-vision of the personal-computer, merely as a business (and governmentally) controlled "...services-delivery appliance".
This is an especially important issue when you realize that most analysts have also determined that much of "Trusted Computing's" specifics could actually be easily 'mis-used' to effectively eliminate much consumer-choice, control, and privacy. For example, 'alternate' computer applications (I.E. 'Open-Source' software, non-DRM compliant 'media-access', or virtually any other "non-authority approved" computer-use for that matter) could be wiped-out, at the whim of those that control 'authorization' (which, by the way, apparently will NOT be the 'computer's-owner').
I think it is also important to understand that MOST of the actual "security problems" which have '...hit the headlines' in the last few years have, in reality, been the result of 'poor product design' and glaring, 'built-in', security-holes. They have primarily NOT been caused by 'computer-users' (though, this is a popular 'cop-out' amongst those companies responsible for the 'flawed-products').
If this 'security-scheme' were only used to protect "corporate internal-networks", that would be one thing.
But honestly, because of Cisco's stated plans, as well as the alleged 'threat-vector' (I.E. private-PCs on the Internet), ...such a limited application wouldn't seem to be a realistic 'final-goal'.
And, I wonder if it's merely a coincidence that the slow, but unceasing, corporate and government 'push' for so-called "Trusted Computing" would only be able to truly move forward with, exactly, this sort of action being made by one of the largest suppliers of 'Internet-routing equipment'.
For more information on "Trusted Computing" you might also want to read:
=======================================================
Don't Trust "Trusted Computing"
http://www.msnbc.com/news/998345.asp?cp1=1
Microsoft and Intel RE-Designing the PC-BIOS
http://news.com.com/2100-7337-5131787.html
DRM 'Used' as "LOCK-IN TOOL" for Proprietary Technology..?
http://news.com.com/2100-1025-5103601.html?tag=nl
Phoenix To Ship DRM-Equipped BIOS
http://www.extremetech.com/article2/0,3973,1237519,00.asp
(PDF File) from the "EFF" on Intel's "Trusted Computing" recommendations
http://www.eff.org/Infra/trusted_computing/eff_comments_lt_policy.pdf
Microsoft and Time-Warner working towards absolute 'media-control' in all PCs
http://www.thestreet.com/markets/dumbestgm/10140524.html
Another article about Microsoft's "Trusted Computing" initiative
http://www.digitaljournal.com/news/?articleID=3843
An Excellent Article in "CPU Magazine" about Microsoft's "Trusted Computer Initiative"
http://www.computerpoweruser.com/email.asp?emid=107696
Microsoft Pushes Anti-Spam Scheme Using Authentication
(One more step towards "Trusted Computing"...?)
http://www.informationweek.com/story/showArticle.jhtml?articleID=18201076
And again, a good examination of the real nature of "Trusted Computing"
http://www.gnu.org/philosophy/can-you-trust.html
It also seems the U.S. Government intends to abolish "Internet Porn", ...along with other, "...objectionable speech".
http://news.com.com/2010-1071-5171076.html?tag=nefd_acpro
Microsoft's Integrated "Longhorn" technologies mean greater 'Lock-In' potential
(Use Microsoft, ...or Don't Use the Internet..?)
http://news.com.com/2009-1016-5103226.html?tag=nl
Software-Makers (are you listening Microsoft..?) should be expected
to produce a better 'Product'...
http://forbes.com/technology/2004/04/06/cz_qh_0406fortify.html?partner=newscom
(NPR) "Weinberger's Three Horsemen of the Infopocalypse"
(author says that DRM, digital identity technologies and
'trusted computing' will significantly damage legitimate
use of 'media-content')
http://www.npr.org/rundowns/segment.php?wfId=1813438
A discussion of the purpose of "Digital Rights Management", ...such as the "Broadcast-Flag" and the "TCPA"...
http://www.corante.com/copyfight/archives/003559.html
2 Questions, 1 Statement
by June 20, 2004 2:50 PM PDT
Questions:
1: Who pays the subscription to Trend?
2: What's to stop this from being used to block say, Linux machines on a network?
Statement:
Um, isn't it a fact that half the worms released do most of their damage BEFORE the definitions have been updated in the antivirus - IE: The worm must exist before the definition is updated, therefore someone must receive this worm, report it, and its signature be added.
So um, unless you incorporate some heuristics of mammoth proportions into these devices (something I don't like because they could block legit traffic), you're not going to contain "new" worms very well.
Summary: Waste of money, and requires too much trust.