IETF Strives for NEA Standard

he IETF's NEA initiative aims to provide a standardized way for compliant endpoints to interoperate with the variety of architectures, including Cisco Systems' NAC, Microsoft's NAP and the work of the Trusted Computing Group. Vendors have been doing some work in the area of compatibility, but the IETF's work will lay the groundwork for the interoperability that customers need. The NEA framework includes representation from many major companies, including Cisco, Juniper Networks and Microsoft. NEA should become widely embraced by the vendors in this arena, considering the real money and efforts are spent on the back-end systems. It is likely that both Cisco and Microsoft will support the IETF's efforts when they come to fruition. However, that probably won't happen for at least 12 months.

Vendors have put their bobbers in the water trying to catch enterprise fish with the idea of network endpoint assessment. But though various NEA architectures improve endpoint security, they also lock enterprises into proprietary security architectures. The IETF aims to solve this problem with a specification that will let any endpoint software talk to any authentication-enforcement architecture.

For the industry and customers, the IETF's NEA efforts are important. Cisco Systems and Microsoft have proprietary technologies--respectively, Network Admission Control and Network Access Protection--that may lock the market into one or the other. The NEA standard represents a neutral market option that will let more players have a fighting change. The framework focuses on standardizing some of the underlying protocols--including the PB (Posture Broker) Protocol, the PA (Posture Attribute) Protocol, and the PT (Posture Transport) Protocol. Other parts of the communications process and protocols used to communicate between different parts of the NEA server won't be defined by the working group at this time because they are less important to end customers.