Cisco has extended its security alliance with IBM and
announced it will be working with Microsoft to make emerging
products for network security compatible.
In July Microsoft said it had signed up 25 IT companies to its
Network Access Protection (Nap) scheme to support end-to-end IT
security within Windows 2003 R2, the next version of the company's
server operating system. As a result, Microsoft will push delivery
of Nap back by more than a year.
At the time neither IBM nor Cisco was supporting the Microsoft
initiative, although Cisco has been working with IBM since February
to develop a secure infrastructure by integrating IBM Tivoli
security policy compliance software with Cisco network admission
control technologies. Microsoft's Nap was not compatible with this
approach.
But last week, Cisco and Microsoft said they would collaborate to
make the systems work together.
Meanwhile, IBM and Cisco have extended their global security
alliance, aiming to automatically check the compliance of,
quarantine and fix at-risk computing devices, such as laptops,
desktops and wireless devices.
The companies said the collaboration will offer preventive,
self-protecting technology that helps users to automatically control
who and what is given access to the network, based on
enterprise-wide security policies.
Through the collaboration, IBM Tivoli Security Compliance Manager,
working in conjunction with the Cisco network infrastructure, can
be used to enforce a user's established security policies and
automatically probe devices connecting to the network to flag
non-compliant systems.
The IBM software is used to determine whether the device is
compliant with current security policies, such as by checking its
operating system patch version, anti-virus update level, password
settings, and other custom policies.
Once the IBM software has determined the compliance status of the
device, the Cisco Secure Access Control Server (ACS), a component of
Cisco's Network
Admission Control architecture, grants or denies access to the
network.
If the device is deemed compliant, based on the ACS criteria, the
user will be allowed to access the network.
If not, the Cisco ACS will move the device to a specific security
zone, such as a virtual Lan, where it will be isolated from other
parts of the network.
Within the set-up, IBM's Tivoli Provisioning Manager can be used to
install relevant operating system patches or anti-virus software
updates.
Once the affected device has been patched, the system then
re-engages the Cisco network for admission to restore access to the
production network.