Microsoft And Cisco Partner On Network-Access Security

Microsoft and Cisco Systems will collaborate to make their emerging products for network security compatible, the companies disclosed on Monday. The vendors had been working independently in the area of PC access to networks but say customers insisted they work together to solve what's become a critical problem for many companies.

Microsoft will match its in-development Network Access Protection software with Cisco's Network Admissions Control technology, introduced in July. Both are intended to tighten security at network end points by checking the status of PCs and laptops to ensure they're virus free, up to date on patches, and compliant with company software policies.

"This gives our mutual customers a forward-looking road map that we're going to make our respective approaches compatible and interoperable," says Richard Palmer, VP and general manager of Cisco's VPN and security business unit.

To make it work, Microsoft will push back delivery of Network Access Protection by more than a year. As recently as three months ago, the software had been slated for the "R2" version of Windows Server 2003 in the second half of 2005; it's now scheduled for the Longhorn version of Windows server in 2007.

Microsoft already provides one level of network-access security today in the form of virtual private networking "quarantine" software for Windows Server 2003. Quarantine refers to an approach that checks a PC or laptop for compliance with a company's standard software configurations before granting it access to other systems on a network. Network Access Protection will expand those capabilities to give Windows administrators greater control in more scenarios.Part of the reason for the delay in delivering Network Access Protection is that Microsoft decided to add support for the Internet Security Protocol, or IPSec, to it. Microsoft had planned to use only the Dynamic Host Configuration Protocol to "interrogate" computers seeking network privileges, but came to the realization that the IPSec, which uses encryption, was required, too. "DHCP is a lowest common denominator," says Steve Anderson, director of Windows Server marketing. "In many security circles, while it's good, it's not good enough."

Cisco introduced its Network Admission Control system in July for its line of routers. It plans to extend NAC to its line of network switches in the first half of next year, says Palmer.

Microsoft and Cisco engineers will share details about the software architectures used by their respective approaches to network security, but technology sharing is not part of this agreement, according to Anderson.