In July Microsoft said it had signed up 25 IT companies to its Network Access Protection (NAP) scheme to support end-to-end IT security within Windows 2003 R2, the next version of the company's server operating system. As a result, Microsoft will push delivery of NAP back by more than a year.
At the time neither IBM nor Cisco was supporting the Microsoft initiative, although Cisco has been working with IBM since February to develop a secure infrastructure by integrating IBM Tivoli security policy compliance software with Cisco network admission control technologies. Microsoft's NAP was not compatible with this approach.
But last week, Cisco and Microsoft said they would collaborate to make the systems work together.
Meanwhile, IBM and Cisco have extended their global security alliance, aiming to automatically check the compliance of, quarantine and fix at-risk computing devices, such as laptops, desktops and wireless devices.
The companies said the collaboration will offer preventive, self-protecting technology that helps users to automatically control who and what is given access to the network, based on enterprise-wide security policies.
Through the collaboration, IBM Tivoli Security Compliance Manager, working in conjunction with the Cisco network infrastructure, can be used to enforce a user's established security policies and automatically probe devices connecting to the network to flag non-compliant systems.
The IBM software is used to determine whether the device is compliant with current security policies, such as by checking its operating system patch version, anti-virus update level, password settings, and other custom policies.
Once the IBM software has determined the compliance status of the device, the Cisco Secure Access Control Server (ACS), a component of Cisco's Network Admission Control architecture, grants or denies access to the network.
If the device is deemed compliant, based on the ACS criteria, the user will be allowed to access the network.
If not, the Cisco ACS will move the device to a specific security zone, such as a virtual LAN, where it will be isolated from other parts of the network.
Within the set-up, IBM's Tivoli Provisioning Manager can be used to install relevant operating system patches or anti-virus software updates.
Once the affected device has been patched, the system then re-engages the Cisco network for admission to restore access to the production network.
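The admission flow described above (posture check, admit or quarantine, remediate, re-check) can be sketched as follows. This is an added illustration, not IBM or Cisco code; the policy thresholds, VLAN numbers, attribute names and function names are all hypothetical.

```python
# Constructed policy and VLAN ids (assumptions for this sketch only).
POLICY = {"os_patch_level": 5, "av_signature_age_days": 7, "min_password_length": 8}
PRODUCTION_VLAN, QUARANTINE_VLAN = 10, 99

def failed_checks(posture):
    """Return the names of the policy checks a device fails.
    A missing attribute counts as a failure (fail closed)."""
    failures = []
    if posture.get("os_patch_level", -1) < POLICY["os_patch_level"]:
        failures.append("os_patch_level")
    age = posture.get("av_signature_age_days")
    if age is None or age > POLICY["av_signature_age_days"]:
        failures.append("av_signature_age_days")
    if posture.get("min_password_length", 0) < POLICY["min_password_length"]:
        failures.append("min_password_length")
    return failures

def admission_decision(posture):
    """Map a posture report to a VLAN: production if compliant, else quarantine."""
    failures = failed_checks(posture)
    return (QUARANTINE_VLAN if failures else PRODUCTION_VLAN), failures

def remediate(posture, failures):
    """Stand-in for the provisioning step: it can push OS patches and
    anti-virus updates, but it does not change password settings."""
    fixed = dict(posture)
    if "os_patch_level" in failures:
        fixed["os_patch_level"] = POLICY["os_patch_level"]
    if "av_signature_age_days" in failures:
        fixed["av_signature_age_days"] = 0
    return fixed

def admit(posture):
    """Run one admission cycle; return (final VLAN, decision history)."""
    vlan, failures = admission_decision(posture)
    history = [(vlan, tuple(failures))]
    if failures:
        posture = remediate(posture, failures)
        # Re-check after remediation; never assume the fix succeeded.
        vlan, failures = admission_decision(posture)
        history.append((vlan, tuple(failures)))
    return vlan, history

if __name__ == "__main__":
    stale = {"os_patch_level": 3, "av_signature_age_days": 30, "min_password_length": 8}
    print(admit(stale))
```

A device whose only failure is something the remediation step cannot fix, here the password setting, stays in the quarantine VLAN after the re-check.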