Cisco, Anti-virus Vendors Team on Network Security

Brennan_Murphy at Brennan_Murphy at
Wed Nov 19 00:30:00 UTC 2003

I think port security is what determines whether or
not a box is allowed onto the network. If you know that
all of your conference room jacks are patched into 
switch X blades Y-Z, then you apply security to those
ports. If you have a *NIX box in a server room, you
obviously drop the mcafee security requirement for that
port. I havent read through the documentation but that's
my guess. 

The corporate network security market is looking for
a way to ensure that only machines with up to date
security policies (AV, FW, IPS) are allowed on the
network...with ways to distinguish printers, from
workstations/servers... etc...

-----Original Message-----
From: owner-nanog at [mailto:owner-nanog at] On Behalf Of
Sean Donelan
Sent: Tuesday, November 18, 2003 3:48 PM
To: Valdis.Kletnieks at
Cc: nanog at
Subject: Re: Cisco, Anti-virus Vendors Team on Network Security 

On Tue, 18 Nov 2003 Valdis.Kletnieks at wrote:
> > Without the secret handshake Mac OS, Linux, Solaris and other 
> > operating systems will not be able to connect to a Cisco 
> > Self-Defending Network which limits its usefullness for ISPs.
> A *nix without a secret handshake is like a fish without a bicycle.
> Yes, viruses *are* theoretically possible on these platforms, but 
> let's be honest here - even if you included all of the platforms, 
> you'd only intercept another 1% or so viruses, tops.

Well, if you let systems on the network without the secret handshake,
what's to stop people from connecting Windows boxes with the "security"
software disabled so it doesn't answer the "I'm Infected" question?  Or
the next virus can take over the Cisco secret handshake port and always
answer "I'm Ok" when ever the network asks it a question.

How does the Self-Protecting Network tell the difference between a
non-infected Mac or Unix machine from a Typhod Mary Windows bo if you
are depending on software on the system to answer the question?

Yes, some level of security works when every obeys the rules.  But the
current problem ISPs have is not everyone obeys the rules.

More information about the NANOG mailing list