Cisco says it is not releasing its NAC client software code to the open source community, nor does the company have plans to exit the endpoint security client business, despite a Cisco executive telling the contrary to the media earlier this month.
While Cisco’s Bob Gleichauf, CTO of the company’s Security Technology Group, told the press that Cisco planned to open-source its Cisco Trust Agent, Cisco is retracting this statement. “CTA will be something that’s open source,” Gleichauf said earlier this month . “We don’t want to be in the CTA business, so we’re going to just open it up.”
Cisco’s public relations arm quashed that idea this week.
“Cisco is not open-sourcing CTA,” said a Cisco spokesperson this week. “Cisco is taking a different approach to being open via standards” regarding NAC.
To this end, Cisco says it participates in some NAC standards efforts, such as the Network Endpoint Assessment (NEA) Working group, which is part of the IETF, and is working on an industry-wide protocol to standardize NAC. Engineers from Juniper, Symantec, and Nevis Networks are among the participants in NEA.. “The corporate direction is to take that avenue towards that kind of openness” with NAC, the Cisco spokesman said. “But Cisco has decided not to open-source CTA. And there are no discussions to do that.” The CTA client is already distributed free to Cisco customers implementing Cisco’s NAC technology, which allows LAN switches and other network gear to block unsafe client machines from a corporate network. CTA is an agent which collects security data about an endpoint and communicates the endpoint’s status to the authentication layer of a NAC infrastructure — such as authentication, authorization and accounting servers. In Cisco’s model, if the CTA reports security data on an endpoint that does not meet a certain level, authentication servers and network gear work in concert to block port access to the endpoint.
Cisco has also worked to make its NAC technology interoperable with Microsoft’s Network Access Protection (NAP) technology. The two companies last year said Microsoft’s NAP client would work with Cisco’s NAC infrastructure. However, Cisco is not playing with all NAC standardization and interoperability efforts. The company is still a hold-out from the 70-member Trusted Computing Group’s Trusted Network Connect (TNC) — which counts Juniper, Extreme Networks, HP ProCurve, and Nortel as members. The TCG is a vendor-neutral alliance which is working on ways to standardize how network hardware and security products communicate in a NAC deployment.
