Security: Network Access Control
This newsletter is sponsored by Altiris
Network World's Security: Network Access Control Newsletter, 08/30/07

New chips from Intel support Cisco’s flavor of NAC
By Tim Greene

New chips from Intel support Cisco’s NAC. The vPro microprocessors can store certificates for 802.1x authentication, which can be a component of Cisco’s NAC, and can also store information that Cisco’s NAC needs to determine whether a device complies with security policies. Specifically, Cisco NAC seeks to know things such as whether a device has an updated operating system or updated virus libraries. It uses this information to determine whether the device is safe enough to let onto the network, with a reasonable degree of assurance that the machine is not infected. This checking is generally done either with no specialized software on the end machine - which allows rudimentary endpoint checking - or via software or dissolvable software agents.
The problem with software doing the checks is that the machines are essentially reporting on themselves, a well-known weakness in security architecture. If the end machine is compromised, it might be compromised to the extent that it can lie effectively to the NAC policy engine. The generally accepted better method is to have the endpoint check done in hardware, which is what the new chips support. Cisco NAC posture can be stored in the chips themselves. This makes endpoint checks available even if the hardware is powered down or if the operating system is compromised. The chips also can receive updates for software on the host computers, so the chips could become part of remedying shortcomings that a NAC check reveals. Businesses should keep these new features in mind as they update their computers and as they weigh whether Cisco NAC is the way to go.
Contact the author: Tim Greene is a senior editor at Network World, covering network access control, virtual private networking gear, remote access, WAN acceleration and aspects of VoIP technology. You can reach him at tgreene@nww.com.

Copyright Network World, Inc., 2007