Category: News

Microsoft has published the patch through its Web site. It fixes a problem that installing XP SP2 creates with VPNs and can be downloaded here.

Once installed, XP SP2 can cause users to see a ‘cannot establish a connection’ message if a the machine tries to connect to IP addresses in the loopback address range, according to Microsoft’s Web site.

However, Redmond won’t be expecting too many hits on the patch yet. XP SP2 has only reached a fifth of the people Microsoft had hoped, missing its target by 80 million. The patch is the second Microsoft has been prompted to offer following the emergence of XP SP2.

Microsoft’s CRM product also needed a fix to become compatible with the service pack.

The VPN fix is one of the downloads that features in a pilot programme to test if users’ licences are genuine.

To download the fix, users are required to have their licences validated through Microsoft’s website.

http://news.zdnet.co.uk/software/windows/0,39020396,39167556,00.htm

Richard Cross, the automaker’s information security officer, warned against misleading doublespeak and promises of universal cure-alls.

“There is a temptation to go searching for a panacea, but if you find yourself speaking to a vendor and it sounds as though you are being offered a panacea, then it’s time to change the conversation,” Cross told attendees at the Gartner IT Security Summit in London this week. He added that in his view, many companies intentionally mislead customers.

The remarks drew a variety of reactions.

Ian Schenkel, managing director of security company Sygate, agreed with Cross that there are no panaceas. But he added that if there are any IT directors who have fallen for a misleading approach, it is in part because they have not done their homework. “Some IT directors are looking for the holy grail,” he said, adding that some have a tendency to only hear what they want to hear. What IT directors want to hear is that I’m the medicine man here to cure all their ills, but that simply isn’t the case. Companies should always be looking at a layered solution, involving multiple vendors. To expect a single solution is unrealistic.”

Some vendors say the problem of overselling is less severe than it used to be. Simon Perry, vice president of security strategy at Computer Associates International, said: “Five years ago, it was certainly true that most antivirus vendors were talking things up, but a growing sense of maturity and responsibility in the industry has definitely seen this decline.” Perry warned that companies that do oversell are in danger of not being taken seriously and jeopardizing their business. He said that typically it is smaller companies attempting to gain recognition in a crowded marketplace that may make bolder claims.

Schenkel conceded that the 1990s weren’t great days for honesty within the industry, or for the image of the IT vendor overall, but he added that much of the current negative press addresses little more than the kind of marketing that is rife in any competitive industry. “There is always going to be an element of jostling, with companies claiming theirs is the best product on the market, but that is just the software industry,” he said. “The bottom line is that companies still have to back up their claims.”

David Guyatt, CEO at Clearswift, told Silicon.com he would support any industry initiative and codes of practice that would effectively expose any company making exaggerated claims.

http://news.com.com/Toyota%3A+Some+security+firms+promise+too+much/2100-7355_3-5377287.html?part=rss&tag=5377287&subj=news.7355.5

Cisco has been ranked as one of the top three most trusted security product vendors and one of the top three most trusted security service providers in two surveys done by the Yankee Group.

The Yankee Group 2004 Managed Security Services Survey found that of 606 enterprises, Symantec, Cisco and VeriSign rank as the three most trusted security service vendors. In another survey, the Yankee Group 2004 Enterprise Security Services survey, Cisco, Cisco, Symantec, and Network Associates ranked as the three most trusted vendors of security products.

Waterfield also noted that firewalls and antivirus tools are the security products most valued by enterprises.

http://www.networkingpipeline.com/showArticle.jhtml?articleID=47900555

SBC Communications (Quote, Chart) will design, install and manage the project using IP phones and network equipment from Cisco Systems.

The Ford VoIP deployment will occur over three years and impact the headquarters and other facilities in southeast Michigan.

Profits aside, the Ford contract could serve as a case study for SBC and Cisco to present to other large corporations that may have misgivings about VoIP.

Ford is expected to save money over its Centrex (define) phone system in several areas, including the decrease in its long-distance bills. The company also expects system maintenance to decline by shifting voice and data onto a single IP network. Also, IP telephony service makes handling employee moves more efficient, because businesses can scale up or down without calling vendors or ordering new cards.

http://www.internetnews.com/infra/article.php/3410681

The two companies have each proposed competing “end to end” security architectures, marking the latest evolution in network defense–an approach concerned not only with scanning for viruses but also with policing networks to deny connections to machines that don’t conform with security policies.

But for now at least the twin offerings are not interoperable. That means customers might be forced to choose between using technology from one company or the other, unless the two tech giants can strike a deal to guarantee compatibility.

Both Microsoft and Cisco are working on “end to end” network-security setups–systems concerned not only with scanning for viruses but also with denying network connections to machines that don’t conform with security policies.

Bottom line: Unfortunately for customers and their already-tight security budgets, the technologies being pursued by the companies aren’t compatible. But at least one group is already working on an architecture that will use open standards so customers can use technology from any vendor.

Choosing could be tough, given that both companies thoroughly dominate their respective markets: Microsoft has a monopoly in desktop operating systems, and Cisco’s share of the corporate network routing market exceeds 70 percent.

Microsoft and Cisco say they are working to ensure interoperability.

But at this stage, it’s difficult to know how quickly the two sides will come together and what the resulting security plan will look like–or if it’s even feasible to bridge the gap between their technologies at all. “We know how important it is for us to interoperate with Cisco,” said Steve Anderson, director of Microsoft’s Windows server group. “But we’re both big companies, and it takes a lot of time to work this stuff out. Bill Gates and John Chambers have already been talking. We expect to announce the first step in this process sometime this fall when we announce an interoperability agreement.”

A decision is crucial to customers, who now face the prospect of spending their already tight security budgets on running incompatible architectures.

At the heart of the debate is the Remote Authentication Dial In User Service, or Radius, the de facto standard for authenticating users accessing networks remotely. In each of the proposed architectures, the companies use their own Radius servers to centrally enforce security policy and provide administration of user profiles. With Cisco’s architecture, customers must use the Cisco Access Control Server. With Microsoft’s setup, customers are forced to use the Microsoft Windows Internet Authentication Service, or IAS, Radius Server. Cisco Systems, Microsoft and the Trusted Computing Group vendor consortium have all developed plans for comprehensive business security architectures. Currently, the two Radius servers are not interoperable.

This means customers using Cisco networking gear and Microsoft operating software could be forced to install and manage separate Radius servers from each vendor.

Security experts are skeptical that an interoperability agreement for the Radius servers would help much.

“The two approaches are fundamentally different,” said Bill Scull, senior vice president of marketing for Sygate, a security software maker. “I’m not sure how they could interoperate.”

At stake is the success of a new movement in network management that treats security more holistically. As the effects of malicious virus and worm attacks, such as those involving the Sobig and MyDoom viruses, become more costly, companies are looking for solutions that combine traditional virus scanning with network policing to keep attacks from ever entering the network in the first place. Networking, security and software companies have joined efforts to develop more proactive solutions.

Cisco and Microsoft have been at the forefront of this effort, and the success of their plans will be crucial in the fight against new attacks. Late last year Cisco announced its Network Admission Control, or NAC, architecture. In June the company announced it had completed the first phase of the architecture by introducing NAC software on its IP routers. Support on its switches is due in the first half of 2005.

In July, Microsoft announced its Network Access Protection or NAP architecture, which is scheduled to be available sometime in 2005, the company said.

The concepts behind each of the architectures are very similar. Before a user logs on to a network, his or her computer must check in to a third-party machine, controlled by the network administrator, to ensure that the machine meets policy requirements. If it does, the user is allowed access to the network. If it doesn’t, the user’s connection is funneled to a restricted virtual private LAN, where the user can make changes, or have changes made automatically, to ensure policy conformance before being redirected to the main network.

Differences can divide. Though the overall concepts are similar, the two companies are approaching the problem differently. With NAC, Cisco is trying to solve the entire problem itself, end to end. The company has developed its own security software agents through partnerships with three key antivirus providers–McAfee, Symantec and Trend Micro–and technology it had acquired through Okena. These “Trust Agents,” as Cisco calls them, will run on clients as well as Cisco networking gear, such as Ethernet switches, IP routers, and firewall products. The agents will communicate with each other through a central policy server to ensure that endpoints are updated and following policy before they connect to the network. “We felt it was important to deliver a solution that worked end to end,” said Bob Gleichauf, chief technology officer for Cisco’s security networking group. The fact that we are building a little agent to sit on clients is because networks extend all the way to the client.”

By contrast, Microsoft has opted to focus its NAP architecture on its core competencies: host and server software. Microsoft plans to incorporate security agents as part of its operating system software, so that every desktop and server running Windows XP and Windows Server 2003 will be wired for NAP. Microsoft’s current architecture does not include a networking element per se, but the company has partnered with a number of networking gear vendors so that they can hook into the NAP via a central server.

While Cisco has not signed up as a partner to NAP, several of its competitors already have, including Juniper Networks, Enterasys and Extreme Networks.

Open standards are key It will likely be customers that eventually force the two sides to work together, since both companies have a vested interest in selling their own security agents and Radius servers. A consortium of vendors called the Trusted Computing Group is already working on an architecture that will use open standards, so that customers can use Radius servers, security software or networking gear from any vendor. The group, which announced its plans in June, includes companies such as McAfee, Intel, Sygate, Juniper Networks, Hewlett-Packard and Sun Microsystems. Microsoft is a member of TCG, but Cisco is not. TCG supporters complain that though Cisco and Microsoft claim they are willing to work with partners, they seem to still be trying to keep pieces of their solutions proprietary to lock in customers to using their products. “Clearly Microsoft and Cisco would love for their architectures to dominate,” Scull said. “And by pushing their own solutions they ensure that customers continue to buy their products.”

For example, Cisco announced in June that it is expanding its antivirus partnership program to include more security vendors, but it did not mention opening its NAC architecture up to other networking competitors.

Even though Microsoft is creating a platform that more than 30 vendors can plug into, its NAP architecture only works in a pure Microsoft environment, which includes the client as well as a suite of back office servers.

http://news.com.com/Cisco%2C+Microsoft+in+security+showdown/2100-7355_3-5370427.html?tag=cd.lede

Programmers are trying to imbue Web pages with intelligence.

And work is underway to re-engineer the network to reduce spam and security troubles.

Stephen Crocker and Vinton Cerf were among the graduate students who joined UCLA professor Len Kleinrock in an engineering lab on Sept. 2, 1969, as bits of meaningless test data flowed silently between the two computers. By January, three other “nodes” joined the fledgling network.

Then came e-mail a few years later, a core communications protocol called TCP/IP in the late 70s, the domain name system in the 80s and the World Wide Web — now the second most popular application behind e-mail — in 1990.

Today, Crocker continues work on the Internet, designing better tools for collaboration. And as security chairman for the Internet’s key oversight body, he is trying to defend the core addressing system from outside threats, including an attempt last year by a private search engine to grab Web surfers who mistype addresses.

Network providers now make only “best efforts” at delivering data packets, and Crocker said better guarantees are needed to prevent the skips and stutters now common with video.

Working with NASA, Cerf is also trying to extend the network into outer space to better communicate with spacecraft. But many features being developed today wouldn’t have been possible at birth given the slower computing speeds and narrower Internet pipes, or bandwidth, Cerf said.

While engineers tinker with the Internet’s core framework, some university researchers looking for more speed are developing separate systems that parallel the Internet. Think information highway with an express lane.

Semantic Web is a next-generation Web designed to make more kinds of data easier for computers to locate and process.

http://networks.org/?src=ap:internets-birthday