Users urged to press Cisco to make security tool meet open standards

Users have been warned to tread carefully before opting to deploy a new software tool designed by network giant Cisco to improve security on corporate networks.

The Cisco tool is part of a wider strategy, called Cisco Network Admission Control (CNAC), that has been developed with anti-virus software suppliers including Network Associates, Symantec and Trend Micro.

Although analyst firm Gartner welcomed the initiative, it warned that it could increase management complexity and lock users into a single supplier environment.

Gartner research director Alain Dang Van Mien said the initiative made it easier for users to implement network security but that they needed to be aware that intruders could exploit other parts of the IT infrastructure.

The CNAC initiative aims to reduce the disruption to firms caused by viruses. Cisco said the initial version would enable Cisco routers to control how devices access a network.

CNAC relies on agent technology, called the Cisco trust agent, that resides on an endpoint device such as a PC connected to the corporate network.

This agent collects security information from Network Associates, Symantec and Trend Micro antivirus software running on the endpoint Windows-based PC and communicates it to the connected Cisco network where access control decisions are made and enforced.

With all its elements in place, PCs and other devices will not be permitted to gain access to a network unless they comply with the company's security policy, both in terms of security software and of having up-to-date patches.

Gartner warned that the Cisco trust agent would have to be installed on all network endpoints but that some devices, such as IP telephones, printers, personal digital assistants and non-Windows devices, were not being supported by Cisco.

The analyst firm advised users to put pressure on suppliers to ensure the approach did not become a Cisco proprietary technology, and warned that it could add to administrative overheads.

A Gartner paper on CNAC urged users to press both Cisco and third-party developers to accelerate the development of an open standard.

Van Mien said, "A framework such as CNAC never covers everything and attackers can exploit servers, databases, e-mail and operating systems as well as the network. No one supplier can cover all aspects of security."

Vincent Bieri, business development manager at Cisco, said CNAC was still at an early stage of development.

"We support Windows now, but we aim to open up the architecture," he said.
