
Vendors Get Their NAC Together

Interoperability pact between Microsoft, TCG breaks down endpoint security barriers

LAS VEGAS -- Interop -- The NAC wars are over, apparently, and Microsoft won.

The software giant here yesterday revealed an agreement with the Trusted Computing Group (TCG) that will make Microsoft's endpoint security technology -- Network Access Protection (NAP) -- interoperable with the TCG's Trusted Network Connect (TNC), which has been positioned as a multivendor standard for network access control (NAC).

Juniper Networks, which had previously aligned itself with the TCG and Symantec as an alternative to NAP, said in a separate announcement here that it will now work with Microsoft NAP as well.

The accord is a milestone for NAC, which promises to exclude from the network any device that does not fit a corporation's security policies, then help remediate that device to comply with those policies. Many enterprises like the idea of NAC, which theoretically could restrict network access to users and clients that meet their own specific security requirements.

Until now, however, NAC has been mired in a cross-vendor fracas over how the technology should be implemented and enforced. Cisco, which developed the original NAC with its Network Admission Control technology, reached an accord with Microsoft's NAP last year. (See Cisco, Microsoft Join Forces on Security.) But Microsoft had largely ignored TCG, which had billed TNC as the only vendor-neutral spec, gaining the backing of Cisco and Microsoft competitors such as Juniper and Symantec. (See Symantec & Juniper Join Forces.)

Now that Microsoft and TCG are in line, enterprises can allegedly move forward with their NAC projects, with the knowledge that all their vendors will at least be trying to interoperate. Such interoperability is critical to NAC because of its reliance on enforcement and policies that work on all clients that try to access the network, including guest machines.

The deal confirms that most NAC efforts will revolve around NAP, observers say. "Microsoft won the access control wars last summer when Cisco capitulated," says Eric Ogren, founder of Ogren Group, an IT security consultancy.

"This is an excellent announcement for Microsoft," Ogren says. "It is demonstrating the commitment to work with the security community, and the partner program will verify that hardware devices are indeed NAP compatible. Enterprise IT will now look more seriously at Microsoft security for the endpoints."

Peter Christy, a principal at Internet Research Group, said he wasn't surprised by the Microsoft-TCG announcement. "TCG needs to integrate with Windows," he says. "Customers are saying, 'Don't make us choose between [vendors].' This is good for the customer -- he doesn't have to choose now."

Microsoft and the TCG said that NAP products will eventually work in TNC-protected networks and TNC products will work in NAP-protected networks.

"The first step in the interoperability of NAP and TNC will be enabled by Microsoft's contribution of its Statement of Health (SOH) protocol to the Trusted Computing Group," the partners said. "A new specification, the IF-TNCCS-SOH, is being released today as part of the TNC architecture. Vendors can begin implementing the IF-TNCCS-SOH specification immediately.

"As products supporting the new IF-TNCCS-SOH specification become available in the coming months, customers will be able to start implementing portions of NAP-TNC interoperability," the partners added. "TNC servers that support the SOH protocol can interoperate with Windows Vista and other NAP clients without requiring any extra software... TNC clients that support the SoH protocol can participate in NAP-protected networks, authenticating and participating in health checks."

Microsoft and the TCG published a white paper that outlines their plans for making the two NAC environments work together.

Despite the accord, however, some observers say that NAC still has a long road ahead of it. "I do not believe that NAC/NAP itself will have much more likelihood of succeeding [because of the pact], with the exception of a few niche markets," Ogren says.

"Pre-connect security simply does not meet security requirements for a business world that is increasingly moving to software as a service and loosely connected endpoints," Ogren explains. The release of NAP that's compatible with TCG "won't even be out until Longhorn Server 2008, which means that most IT shops will not even think about a significant deployment until 2010," he predicts. "Lots can happen between now and then."

Rob Enderle, president of the Enderle Group, notes that while Microsoft and TCG are working together, and Microsoft is working with Cisco, Cisco still has not built a bridge to the TCG. "Cisco hasn't been willing to work with TCG, which has been problematic for cross vendor solutions related to Trusted Computing," he says.

"Given that interoperability remains a first-tier requirement for most large scale technology deployments, Cisco's NAC still has a significant problem to overcome," Enderle says. "This is one of the few times I've felt Cisco isn't as focused on the customer as they should be -- and that will be problematic for NAC and Cisco going forward."

— Tim Wilson, Site Editor, Dark Reading

  • Cisco Systems Inc. (Nasdaq: CSCO)
  • Juniper Networks Inc. (Nasdaq: JNPR)
  • Microsoft Corp. (Nasdaq: MSFT)
  • Trusted Computing Group

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
