X

Cisco extends NAC security to switches

Cisco is adding new security software to all its products including Ethernet switches and wireless gear.

Marguerite Reardon Former senior reporter
Marguerite Reardon started as a CNET News reporter in 2004, covering cellphone services, broadband, citywide Wi-Fi, the Net neutrality debate and the consolidation of the phone companies.
See full bio
Marguerite Reardon
3 min read
Cisco Systems has taken a key step to ensuring that spyware, viruses and worms can't infiltrate a corporate network.

Cisco is expected to announce on Tuesday that it has added software to its Ethernet switches and wireless products that fit into its Network Admission Control (NAC) framework, which keeps networks safe by controlling which devices gain access to a network.

Specifically, the NAC technology will be embedded in its switches and wireless gear. The new software will allow network access only to trusted end-point devices such as laptops, PCs and PDAs (personal digital assistants). For example, a switch could deny access to a laptop that has outdated antivirus software running.

In June 2004, Cisco announced it had embedded the NAC technology in its software routers, which are used to connect corporate networks to the Internet. By securing routers and virtual private network concentrators, Cisco customers could control which devices access the network remotely.

With the addition of the improved switches and the wireless equipment, Cisco customers can also check devices connecting to the corporate network from the inside. For example, when a salesman who has been on the road returns to the office and plugs into the network, the switches that direct traffic will check that he hasn't brought a virus or worm with him.

Software upgrades for the Cisco Catalyst 6500, 4500, 4900, 3700, 3500 and 2900 series switches will be available at the end of November at no additional charge to customers with support contracts, the company said. NAC software on the Cisco wireless platforms, including Cisco Catalyst 6500 Series Wireless LAN Services Module (WLSM), Cisco Aironet access points, Cisco Aironet lightweight access points, and Cisco Wireless LAN Controller platforms are available today.

Even after all Cisco's devices are updated with NAC software, executives say there is still more work to be done.

"With NAC, many of the security elements are in place," said Bob Gleichauf, chief technology officer for Cisco's Security Technology Group. "Attacks are getting more sophisticated, and companies need to be more savvy about protecting themselves. This means establishing more sophisticated policies for network security."

Cisco isn't the only company that is working on new security architecture. Microsoft is also working on what it called Network Access Protection (NAP). Like NAC, Microsoft's NAP architecture calls for a third party device to check users' machines before they log onto to the network to ensure their laptop or handheld device meets policy requirements. If it does, the user is allowed access to the network. If it doesn't, the user's connection is funneled to a restricted virtual private LAN, where the user can make changes, or have changes made automatically, to conform to policy before being redirected back to the main network.

Pieces of Microsoft's solution are expected in 2005, but so far nothing has been announced. Cisco and Microsoft announced a year ago that they are collaborating to ensure their new architectures work together. But progress on the efforts has not been reported.

"We're not ready to show anyone anything yet," said Gleichauf. "But the engineering efforts are ongoing."