Microsoft-Cisco Security Fight Hurts Us All

There's an old African proverb which says, "When two elephants fight, it is the grass which gets trampled."

Network security pros know how it feels to be a blade of grass, because the Microsoft and Cisco pachyderms are fighting over network security standards, and the losers, once again, are the folks on the ground.

The companies are working on competing end-to-end security architectures based on Remote Authentication Dial In User Service (Radius), which has become the de facto standard for authenticating users who access networks remotely. Cisco customers must use the Cisco Access Control Server for Radius authentication, while Microsoft customers have to use Microsoft Windows Internet Authentication Service (IAS) Radius Server.

The two standards don't interoperate. So if you have a network with Cisco hardware and Microsoft software, you might ultimately be stuck with paying for, installing, maintaining and troubleshooting two sets of Radius servers, one from Microsoft and one from Cisco.

The two companies couch their disagreement as being about technology. Don't believe them. It has to do with control and money. In an insecure computing world, security pays well, and whoever controls the security standards stands to gain big-time.There is a potential solution, however. The Trusted Computing Group (TCG), a consortium of companies including McAfee, Intel, Sygate, Juniper Networks, IBM, Hewlett-Packard, and Sun Microsystems, among others, is working on an open, standard architecture that would allow you to mix and match security software and networking hardware from any vendor. (Microsoft is a member of TCG, while Cisco isn't.)

It's time to put the pressure on Microsoft and Cisco to work together, and make sure that at a minimum their security architecture is interoperable. Better yet, get them to adhere to an open security standard, and you'll be able to protect your network with the least cost and the minimum amount of effort.