Microsoft, TCG get closer on NAC

The Trusted Computing Group (TCG) is tying its authentication software standard to Microsoft's proprietary network access protection platform -- a move that leaders in the network access control (NAC) segment tout as a major step toward getting products made by different vendors to work together.

At the Interop trade show in Las Vegas on Monday, TCG, a non-profit industry consortium, announced a new specification for its trusted network connect (TNC) software platform that will allow products built on the standard to integrate directly with Microsoft's network access protection (NAP) infrastructure.

Officials from TCG and Microsoft  said the move will enable a wide range of NAC technologies made by different vendors to now be able to integrate more smoothly, allowing customers to simplify installation and management of the tools.

NAC products, including Microsoft's NAP, are used to identify and authenticate devices attempting to log onto a network to ensure that they have permission to gain access and can pass a series of security health checks.

In addition to keeping unauthorized visitors off company networks, the systems promise to prevent infected devices from spreading any malware they might carry by scanning for abnormalities and updating onboard security applications.

Some NAC technologies also continue to scan devices after they have entered a network to protect against hidden attacks and control access to individual software applications.

While NAC technologies have been on the market for several years, many customers have expressed frustration with a lack of interoperability between products, leading to high levels of complexity and slow adoption.

By linking TCG's standard, supported by a wide number of vendors, with Microsoft NAP -- which is already embedded in the company's Vista desktop operating system and will be integrated into its Longhorn server products when they are released later this year -- customers will have much brighter prospects for getting NAC tools to work as they have been advertised, industry leaders said.

"We've been hearing from customers that NAC is confusing, that there is too much incompatibility between systems, and they want us to agree on standards to improve performance," said Steve Hanna, co-chair of the TCG's TNC workgroup and a distinguished engineer at Juniper Networks. "We heard those complaints loud and clear, and as a result of this specification there will be easier implementation; we think this should go a long way toward removing significant barriers to adoption that people have been experiencing."

In addition to removing fears over a lack of interoperability between various NAC systems, the new specification should also help ease concerns on the part of customers over committing to any one vendor's version of the tools and potentially limiting their future alternatives, Hanna said.

While Cisco Systems, which claims to be the leading provider of NAC technologies today, has not signed on to support the TCG specifications, the company has already announced a partnership with Microsoft to support its NAP architecture.

Having the support of Cisco for the TCG platform would be ideal, Hanna admits, but the new specification still represents a "watershed" moment for NAC because it allows so many technologies to work together in new ways.