A lot of people have been worried about the security levels present in Windows Vista, particularly since so much of the network code is being written from scratch instead of of ported from XP. One of the most difficult is assuring a secure connection before even allowing a user to log on - which is the goal of your Network Access system, which makes sure that only the computers and users that should
be connected end up being the ones that are
connected. Well, network admins can breathe a little easier now that Cisco and Microsoft have announced a partnership
between their views on network access.
Formerly, a network admin could only choose Cisco's NAC (Network Admission Control) standard or Microsoft's NAP (Network Access Protection) standard for a network. Each has its own pros and cons, but both have been around for a while and can be circumvented by a hacker who understands which standard he or she is working with. But since Microsoft was retooling all of this stuff in Vista and Longhorn to begin with, it decided it should consult Cisco - the resulting partnership is a frankenstein's monster that is bound to confused even some of the most dedicated network undesireables..
Rather than being forced to choose between the two security standards or even just allow them to work side by side, Microsoft and Cisco have changed the implementation to allow different aspects of each security standard to be deployed, with guaranteed interoperability. The result? In order to either keep or spoof a health certificate (the bit of code that allows computers to be considered 'secure' before logging on to a configured network), one now will need to know exactly what portions of each system are implemented. These will depend entirely on what the network admin sees as the weakest links.
This change in standards is a tremendous security boon - it's much like formerly having an exactly 8-character password containing only letters, and suddenly having an up to 16 character password allowing alphanumerics and special characters - before you're even allowed to see a login screen. Though it is certainly not an 'uncrackable' solution (and only one small part of network security), it will add a dimension of security that was lacking in all previous versions of Windows software.
The complete changes are expected right around Longhorn's official release date, which will then be made into an update for Windows Vista clients. The beta testing will begin nearer to the end of this year.
Have you got a thought on the new partnership? Are you a network admin who is excited to see this happen, or do you think it won't do much at all? Let us know your thoughts in our forums