Cisco, Anti-virus Vendors Team on Network Security
As part of Cisco's Self-Defending Network Initiative Cisco has announced a new product which relies on "the Cisco Network Admission Control program is innovative software developed by Cisco called the Cisco Trust Agent which resides on an endpoint system and communicates with the Cisco network. The Cisco Trust Agent collects security state information from multiple security software clients, such as anti-virus clients, and communicates this information to the connected Cisco network where access control decisions are made and enforced. Cisco has licensed its Cisco Trust Agent technology to Network Associates, Symantec and Trend Micro so it can be integrated with their security software client products." Currently the Cisco NAC software only works with Cisco network equipment and Microsoft Windows NT, XP and 2000 operating systems. Without the secret handshake Mac OS, Linux, Solaris and other operating systems will not be able to connect to a Cisco Self-Defending Network which limits its usefulness for ISPs.
Pretty much limits its usefulness for everyone else too. I've yet to visit an enterprise that didn't have a couple of Macs or Linux boxes somewhere. Of course Windows is where the problem is, so if you could set this up to globally permit Apple/Sun etc. MAC addresses, you'd be part way there.
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Sean Donelan
Sent: Tuesday, November 18, 2003 12:09 PM
To: nanog@merit.edu
Subject: Cisco, Anti-virus Vendors Team on Network Security
On Tue, 18 Nov 2003 15:08:45 EST, Sean Donelan <sean@donelan.com> said:
Without the secret handshake Mac OS, Linux, Solaris and other operating systems will not be able to connect to a Cisco Self-Defending Network which limits its usefulness for ISPs.
A *nix without a secret handshake is like a fish without a bicycle. Yes, viruses *are* theoretically possible on these platforms, but let's be honest here - even if you included all of the platforms, you'd only intercept another 1% or so viruses, tops. At worst, you have to run another network segment to connect all the machines that are able to defend themselves without assistance.
On Tue, 18 Nov 2003 Valdis.Kletnieks@vt.edu wrote:
Without the secret handshake Mac OS, Linux, Solaris and other operating systems will not be able to connect to a Cisco Self-Defending Network which limits its usefulness for ISPs.
A *nix without a secret handshake is like a fish without a bicycle.
Yes, viruses *are* theoretically possible on these platforms, but let's be honest here - even if you included all of the platforms, you'd only intercept another 1% or so viruses, tops.
Well, if you let systems on the network without the secret handshake, what's to stop people from connecting Windows boxes with the "security" software disabled so it doesn't answer the "I'm Infected" question? Or the next virus can take over the Cisco secret handshake port and always answer "I'm Ok" whenever the network asks it a question. How does the Self-Protecting Network tell the difference between a non-infected Mac or Unix machine and a Typhoid Mary Windows box if you are depending on software on the system to answer the question? Yes, some level of security works when everyone obeys the rules. But the current problem ISPs have is not everyone obeys the rules.
Sean Donelan wrote:
On Tue, 18 Nov 2003 Valdis.Kletnieks@vt.edu wrote:
Without the secret handshake Mac OS, Linux, Solaris and other operating systems will not be able to connect to a Cisco Self-Defending Network which limits its usefulness for ISPs.
A *nix without a secret handshake is like a fish without a bicycle.
Yes, viruses *are* theoretically possible on these platforms, but let's be honest here - even if you included all of the platforms, you'd only intercept another 1% or so viruses, tops.
Well, if you let systems on the network without the secret handshake, what's to stop people from connecting Windows boxes with the "security" software disabled so it doesn't answer the "I'm Infected" question? Or the next virus can take over the Cisco secret handshake port and always answer "I'm Ok" whenever the network asks it a question.
How does the Self-Protecting Network tell the difference between a non-infected Mac or Unix machine and a Typhoid Mary Windows box if you are depending on software on the system to answer the question?
Yes, some level of security works when everyone obeys the rules. But the current problem ISPs have is not everyone obeys the rules.
Or maybe the problem is yet another single-vendor imposition of a "global" protocol standard.
According to the marketing folk, "it's a phased approach". This translates to two things:
1. There is a plan for an open API.
2. *NIX is not where the problem lies, right now.
Eliot
This looks suspiciously similar to the solution Nokia announced a few weeks ago, though it was based on a java application, not sure how platform dependent it was.
Pete
Sean Donelan wrote:
As part of Cisco's Self-Defending Network Initiative Cisco has announced a new product which relies on "the Cisco Network Admission Control program is innovative software developed by Cisco called the Cisco Trust Agent which resides on an endpoint system and communicates with the Cisco network. The Cisco Trust Agent collects security state information from multiple security software clients, such as anti-virus clients, and communicates this information to the connected Cisco network where access control decisions are made and enforced. Cisco has licensed its Cisco Trust Agent technology to Network Associates, Symantec and Trend Micro so it can be integrated with their security software client products."
Currently the Cisco NAC software only works with Cisco network equipment and Microsoft Windows NT, XP and 2000 operating systems.
Without the secret handshake Mac OS, Linux, Solaris and other operating systems will not be able to connect to a Cisco Self-Defending Network which limits its usefulness for ISPs.
participants (6)
- Eliot Lear
- Laurence F. Sheldon, Jr.
- Petri Helenius
- Sean Donelan
- Simon Hamilton-Wilkes
- Valdis.Kletnieks@vt.edu