Thursday, July 05, 2007

Reputation becomes part of Cisco's NAC

Network World's Network Access Control Newsletter, 07/05/07

By Tim Greene

Cisco recently announced that it would integrate reputation technology, gained from its purchase of IronPort, into the Cisco Self Defending Network architecture.

A Cisco spokesman said that reputation - whether a particular user or device is known for spreading spam or launching attacks - will also become part of Cisco’s NAC offering.

The NAC policy server would check the device’s reputation as part of its deliberations about granting network access. If the device comes back with a bad reputation, that could be grounds for denying access or, short of that, for restricting it to a network segment where it can do no harm.

If the device comes back with a good reputation, it still might be rejected or restricted on other grounds. And the company says this is a concept it would like to extend.

Cisco says that other security technologies might also be integrated with its NAC gear. So data gathered from firewalls, intrusion prevention systems (IPS) and the like could be shared with the NAC policy server. An IPS might know whether a device has been behaving badly and inform the NAC server, which could alter the access rights of the device.

Similarly, the NAC policy server could share data it gathers from endpoints as they try to gain access to the system. So the Cisco IPS could learn the user associated with a machine making an apparent attack.

This sharing among its various security platforms explains why Cisco doesn’t have a specific platform labeled post-admission NAC. The sharing takes its place.



Contact the author:

Tim Greene is a senior editor at Network World, covering network access control, virtual private networking gear, remote access, WAN acceleration and aspects of VoIP technology. You can reach him at tgreene@nww.com.




Network World, Inc., 118 Turnpike Road, Southborough, MA 01772

Copyright Network World, Inc., 2007
