Cisco, Microsoft pledge security interoperability

The companies will share security features to help customers protect their networks from worms and viruses.

Marguerite Reardon
Cisco Systems and Microsoft are teaming up to make their security architectures interoperable in an effort to keep worms and viruses off corporate networks.

On Monday, the companies announced a partnership that will allow them to share technology and integrate security features on Cisco's networking gear and Microsoft's server and desktop products.

Earlier this year, each of the companies introduced its own "end to end" security architecture. Unfortunately for customers, the proposed architectures were not interoperable. Because the companies had not officially pledged they would work together, customers feared they would be forced to choose between a Cisco implementation and one from Microsoft.

But now, the companies say that customers will not be forced into a tough either/or decision.

"This partnership should give our common customers increased confidence to implement either security architecture knowing that they will be interoperable going forward," said Richard Palmer, a vice president and general manager for Cisco's security group.

The Cisco and Microsoft architectures are part of a new movement in information technology that treats security more holistically. As the cost of fighting and cleaning up after worms and viruses mounts, corporate customers are looking for solutions that combine traditional virus scanning with network policing to keep attacks from ever entering the network in the first place.

As a result, both the Cisco and Microsoft approaches are concerned not only with scanning for viruses but also with policing networks to deny connections to machines that don't conform with security policies.

Cisco introduced Network Admission Control, or NAC, last year. In June, it announced that its routers would support the NAC architecture. It plans to add NAC support to its switches in 2005. Microsoft announced plans earlier this year for its Network Access Protection (NAP) architecture, saying that a key method of reducing the spread of viruses is to stop machines from re-entering a corporate network unchecked.

However, in order to make its effort compatible with Cisco's, Microsoft is delaying most of that capability until Longhorn Server, which is slated for release in 2007. The function had been one of the key features of an "R2" interim update that is scheduled for the second half of next year. That release will allow networks to keep machines that are connecting via a VPN (virtual private network) in a secure area, but the ability to quarantine laptops that are re-entering a corporate network won't come until Longhorn, according to Microsoft's Samm DiStasio.

DiStasio said that R2 will still add important features next year, including a simplified approach for managing branch servers and improved handling of multiple directory services.

"Certainly network access protection is a big thing for us," DiStasio said. "It belongs in the Longhorn Server time frame."

So far, neither company is talking about which products will be integrated or when they will be available. But engineers at the companies have already begun exchanging protocols, software code and application programming interfaces.

"It's still too early for us at this point to know specifics about the details or timeline," said Bob Kelly, general manager of Windows Server Group for Microsoft. "The engineers are still passing the specs back and forth."

Both companies acknowledge that they have a lot of work ahead of them. One of the major obstacles they face is integrating their Remote Authentication Dial-In User Service, or RADIUS, servers. In each of the proposed architectures, the companies use their own RADIUS servers to centrally enforce security policy and provide administration of user profiles.

Separately, the companies have already begun partnering with antivirus software and networking vendors. Cisco announced last week that it has added Computer Associates and IBM as partners. Cisco and Microsoft also have pledged to make some of their technology available to other companies so that those companies can connect to their architectures.

As part of this new partnership, they also are pledging to work together with standards groups to develop specifications that will allow software and hardware products from any vendor to be used with their own.

A consortium of vendors called the Trusted Computing Group is already working on an architecture that will use open standards. The companies said they also will work with other organizations, such as the Institute of Electrical and Electronics Engineers and the Internet Engineering Task Force, on standards.

"We plan to work together to drive industry standards and promote a broad ecosystem of integrated solutions from a wide variety of players, including those that we have each enlisted on our own," Palmer said.

Microsoft is already partnering with several of Cisco's competitors, including Juniper Networks and Enterasys. Cisco's Palmer said the company is committed to eventually opening up its technology to competitors through the standards process.