Educause Security Discussion mailing list archives

Cisco Network Admission Control (NAC) program


From: "Manson, Daniel" <DMANSON () CSUPOMONA EDU>
Date: Wed, 19 Nov 2003 07:46:47 -0800

I would like to know what others think about the following Cisco program
announcement.  The URL is
http://newsroom.cisco.com/dlls/hd_111803b.html?CMP=ILC-00

Getting the NAC of Network Security

Groundbreaking program coordinates defenses between the network and
computers

Designed to dramatically increase the capabilities of data networks to
protect themselves against viruses, worms, and other security threats, Cisco
Systems recently announced the Cisco Network Admission Control (NAC)
program. NAC will use Cisco routers to enforce admission privileges to
"end-point" devices--personal computers, servers, or PDAs--based on the
security status of those end-points and their compliance with a network's
security policies.

"This is the first example of a much more dynamic network security
architecture that can respond automatically to attacks and threats," says
Bob Gleichauf, the chief designer of the concept. "Clearly, businesses have
been significantly affected by viruses and worms, so we needed to find a
better way to protect their networks, systems and applications."

Innovative technology for the NAC program includes the Cisco Trust Agent,
client-based software that resides on computers and other end-points. The
Cisco Trust Agent collects security state information from multiple security
software clients, such as anti-virus clients, and communicates this
information to the connected Cisco network via the Cisco Secure Access
Control Server, where access control decisions are made and enforced. The
Access Control Server will execute admission controls to permit, deny,
quarantine or restrict end-point network access. The NAC program will
initially support end-point devices running Microsoft® Windows NT, XP and
2000 operating systems.

While other equipment vendors offer stand-alone appliances that check the
security status of client devices, the Cisco Self-Defending Network
Initiative offers such security built into the routers and switches running
Cisco networks, making for a more comprehensive and effective security
approach.

Cisco has created the NAC program in conjunction with leading anti-virus
software companies, including Network Associates, Symantec and Trend Micro.
Such industry collaboration is key to the success of the NAC program, since
the network will need to know what, if any, protection end-point computers
have before allowing them network access. This lets businesses leverage
their existing investment in Cisco network infrastructure and anti-virus
software to better protect themselves.

The NAC program is a key component of Cisco's Self-Defending Network, an
innovative, multi-year security vision that takes a fundamentally new
approach to network security. Until now, network security and computer
security were dealt with separately. Cisco's Self-Defending Network breaks
from the traditional approach of creating separate security products for
networks and the computers attached to them. Instead, it treats the network
and end-point devices as all part of the same "system."

The goal of Cisco's Self-Defending Network is to create greater security
coordination between the network and its associated computers, servers and
other devices. Much in the same way the human body uses antibodies to
identify, prevent and respond to health threats, the Self-Defending Network
fights against the infiltration and spread of computer viruses, worms and
other deleterious exploits across Cisco networks.

And that should make everyone who depends on healthy networks feel better.

