Search This Blog

Thursday, August 30, 2007

New chips from Intel support Cisco's flavor of NAC

Network World

Security: Network Access Control




Network World's Security: Network Access Control Newsletter, 08/30/07

New chips from Intel support Cisco’s flavor of NAC

By Tim Greene

New chips from Intel support Cisco’s NAC. The vPro microprocessors can store certificates for 802.1x authentication, which can be a component of Cisco’s NAC, as well as storing information needed by Cisco’s NAC to determine whether a device complies with security policies.

Specifically, Cisco NAC seeks to know things such as whether a device has an updated operating system or updated virus libraries. It uses this information to determine whether the device is safe enough to let onto the network, with a reasonable degree of assurance that the machine is not infected.

This checking is generally done either with no specialized software on the end machine - which allows rudimentary endpoint checking - or via software or dissolvable software agents.

Discover the Business of Gaining Organizational Support for your Security Initiatives.

September 10-11, 2007 | The Fairmont Chicago
How do you get everyone from the boardroom to the mailroom to comply with your security initiatives? Come collaborate with peers on critical business topics like this at The Security Standard-the only business summit for senior security executives. For the latest in planning and management strategies. Click here for more details. Click here for more details

The problem with software doing the checks is that the machines are essentially reporting on themselves, a well-known weakness in security architecture. If the end machine is compromised, it might be compromised to the extent that it can lie effectively to the NAC policy engine.

The generally accepted better method is to have the endpoint check done in hardware, which is what the new chips support. Cisco NAC posture can be stored in the chips themselves.

This makes endpoint checks available even if the hardware is powered down or if the operating system is compromised. The chips also can receive updates for software on the host computers, so the chips could become part of remedying shortcomings that a NAC check reveals.

These new features are something that should be kept in mind as businesses update their computers and if they are weighing whether Cisco NAC is the way to go.


  What do you think?
Post a comment on this newsletter

TODAY'S MOST-READ STORIES:

1. Microsoft blames human error for glitch
2. Airline puts Linux PC in every seat
3. Vista SP1 beta on the way
4. PDF spam levels plummet
5. iPhone unlocking video hits Web
6. Windows Server 2008 delayed again
7. The metal-whisker menace
8. iPhone unlocker trades phone for 'sweet' car
9. How close is World War 3.0?
10. Deja vu: Sony uses rootkits, F-Secure says

MOST E-MAILED ARTICLE:

Airline puts Linux PC in every seat


Contact the author:

Tim Greene is a senior editor at Network World, covering network access control, virtual private networking gear, remote access, WAN acceleration and aspects of VoIP technology. You can reach him at tgreene@nww.com.



ARCHIVE

Archive of the Security: Network Access Control Newsletter.


BONUS FEATURE

IT PRODUCT RESEARCH AT YOUR FINGERTIPS

Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details.


PRINT SUBSCRIPTIONS AVAILABLE
You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today.

International subscribers, click here.


SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here.

This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription.


Advertising information: Write to Associate Publisher Online Susan Cardoza

Network World, Inc., 118 Turnpike Road, Southborough, MA 01772

Copyright Network World, Inc., 2007

No comments: