Cisco Blogs



Identity Based Networking Services (IBNS) December TechChat – Technology Foundation: Part I

November 17, 2008 at 12:00 pm PST

One of our speakers for the “Networks That Know You: Cisco Identity-Based Networking Services” Cisco Live in Second Life TechChat (December 11, noon Pacific) will be writing a series of blog posts to lay the foundation regarding the relevant technologies for the event. The hope is that this will expedite relevance for all attendees and stimulate a more immersive discussion during the live TechChat. Below is the first in this series, focusing on 802.1X.


Has this ever happened to you? You’re visiting a customer or a vendor and the security guard insists that you leave your laptop with him while you’re inside the building. Or perhaps you are allowed to keep your laptop on the condition that you only plug into the yellow wall jacks labeled “Visitor.” In both situations, the end goal is the same: companies are trying to prevent unauthorized access to the network and networked resources.

The first solution, though effective, is Draconian in its effect on productivity: why have a mobile device if you can’t get any work done when you’re on the road? The second solution has less impact on productivity, but there’s less security and no visibility. Once you’ve been let loose in the building, the honor system is all that keeps you from plugging into a green wall jack and gaining full access to the corporate network. At that point, there is no way to monitor what you are doing on the corporate network: all the IT administrators know is that you’re “supposed to be” in the yellow jack. Moreover, application level security is not enough to protect corporate assets from such accidental (or deliberate) incursions. Some legacy applications cannot be fully secured at Layer 7 and there are plenty of other vulnerable targets on the network.

Fortunately, there is another way: leverage the intelligence of the network to identify each user as they come onto the network and dynamically grant the appropriate level of access to that user. This is the founding premise of Identity-Based Networking Services (IBNS), a Cisco solution for identity-based network access control.

IBNS starts with 802.1X, an IEEE specification that describes how to authenticate users and devices in order to provide port-based access control. An 802.1X-enabled port drops all traffic until the connected device provides valid credentials. The only traffic allowed through the port is Extensible Authentication Protocol (EAP). EAP is a layer 2 protocol that allows devices to send passwords, certificates or tokens to authenticate themselves to the network. Once authenticated, the port is opened to other kinds of traffic, subject to the dynamic security policy that has (optionally) been applied to the port.

If it’s that effective, you may ask, why isn’t everyone doing 802.1X? The answer is: they are, on wireless networks. The adoption of 802.1X on wired networks has been slowed by several factors, not the least of which is that many legacy devices assume network connectivity at link-up and/or cannot support an 802.1X client (also called a “supplicant”). In a pure 802.1X environment, these devices would never be able to gain access to the network. Talk about a productivity hit! Asking visitors to leave their laptops with the security guard looks like small potatoes if the alternative is having all printers offline.

Therefore, IBNS starts with 802.1X but it cannot end there. Deploying 802.1X in real-world wired networks requires a rich set of features that allows the network to enforce identity-based access control for all devices: printers, PCs, IP phones, guests, and so on. IBNS is an end-to-end solution that provides these features, making 802.1X a reality for wired networks. In future blogs, we’ll talk more about these features and how to deploy them to make any 802.1X implementation faster and simpler. We’ll also discuss new ways to control and customize users’ access to the network.

Written by Shelly Cadora, PhD

Shelly will be one of our speakers during the December Cisco Live in Second Life TechChat. She is a technical marketing engineer for Identity-Based Networking solutions. She is a 10-year Cisco veteran with a CCIE in Routing and Switching (#16318). Prior to becoming involved with Identity and 802.1X, she was involved in the development of the ASA firewall and Cisco IP Telephony solutions.
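The port behaviour described in the post above, as an added example that is not part of the original post and is not Cisco code: a toy model of an 802.1X-controlled port that accepts only EAP over LAN (EAPOL, EtherType 0x888E) until an EAP-Success is relayed, and shows why a legacy device with no supplicant stays blocked. The `Port` class, the helper names and all frames are constructed for illustration.

```python
import struct

ETH_EAPOL, ETH_IPV4, ETH_ARP = 0x888E, 0x0800, 0x0806
EAPOL_EAP_PACKET, EAPOL_START = 0, 1        # EAPOL packet types
EAP_SUCCESS, EAP_FAILURE = 3, 4             # EAP codes
PAE_GROUP = bytes.fromhex("0180c2000003")   # 802.1X PAE group address

def frame(ethertype, payload=b"", src=bytes.fromhex("020000000001")):
    """Constructed Ethernet II frame: dst, src, EtherType, payload."""
    dst = PAE_GROUP if ethertype == ETH_EAPOL else b"\xff" * 6
    return dst + src + struct.pack("!H", ethertype) + payload

def eapol(pkt_type, body=b""):
    """EAPOL header: version 2, packet type, body length."""
    return struct.pack("!BBH", 2, pkt_type, len(body)) + body

def eap(code, ident=1):
    """Minimal 4-byte EAP packet (code, identifier, length)."""
    return struct.pack("!BBH", code, ident, 4)

class Port:
    """Hypothetical model of an 802.1X-enabled switch port."""
    def __init__(self):
        self.authorized = False

    def ingress(self, raw):
        """Decide what happens to a frame arriving from the attached device."""
        if len(raw) < 14:
            return "drop"
        ethertype = struct.unpack("!H", raw[12:14])[0]
        if ethertype == ETH_EAPOL:
            return "to-authenticator"       # handled locally, never bridged
        return "forward" if self.authorized else "drop"

    def relay_to_supplicant(self, pdu):
        """The port state follows the EAP verdict relayed to the device."""
        if len(pdu) >= 8 and pdu[1] == EAPOL_EAP_PACKET and pdu[4] in (EAP_SUCCESS, EAP_FAILURE):
            self.authorized = pdu[4] == EAP_SUCCESS

def laptop_with_supplicant():
    port = Port()
    before = port.ingress(frame(ETH_IPV4, b"data"))
    start = port.ingress(frame(ETH_EAPOL, eapol(EAPOL_START)))
    port.relay_to_supplicant(eapol(EAPOL_EAP_PACKET, eap(EAP_SUCCESS)))
    return before, start, port.ingress(frame(ETH_IPV4, b"data"))

def legacy_printer():
    port = Port()  # no supplicant, so the device never sends EAPOL
    return [port.ingress(frame(t, b"data")) for t in (ETH_ARP, ETH_IPV4, ETH_IPV4)]
```
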

Best of Virtual News : IMO

November 14, 2008 at 12:00 pm PST

I got a ping recently asking me to post more consistent blogs recapping my take on the top five virtual world announcements. The requestor was asking for a weekly recap - to which I replied ‘gulp, how about we start off with monthly’? So without further ado - here is my take on the announcements within the last (ok this blog will be more like a 6 week review) month in no particular order.

1) Google Earth Gets “4D” Capabilities And Revives Ancient Rome

I think the idea of being able to be immersed in a historic space to teach, explore, learn, or play will change the way different cultures view one another, increase the future generation’s awareness of the importance of world history and offer the opportunity for people who can’t travel to still immerse themselves in a place in time. How cool is that? Way, imo.

2) Virtual Reality Helps War Heroes Recover From Burns

This is one of the more heart warming uses of virtual reality: burn patients wear virtual reality goggles and immerse in a game called “Snow World” (natch) to take their mind off of painful treatments they endure. Watch the below clip and see for yourself! VR has come a long way, baby.

3) A Realer Virtual World

In April we had a TechChat on the Internet of Things (which you can watch below), a concept of a world where inanimate objects communicate with us and one another over the network via tiny intelligent objects. Recently Forbes wrote an article on an effort MIT has underway to build sensors designed to tie real and virtual worlds together. “These devices are designed to be like wormholes that let you tunnel through to a second reality,” says Joe Paradiso, MIT. “Second Life is detached. We’re tying it into the real world.” Sign me up for a badge ASAP!

4) NASA Selects 3 Proposal Teams for Learning Virtual World

Being a space junky (yeah, shuttle launch tonight!) I paid attention when NASA announced they were creating a Massively Multiplayer Online Game (MMO). In late October NASA announced that they have whittled it down to three players who will present at Goddard Space Station, and yes I am jealous. You may ask why would NASA create an MMO? They sum it up well on their site, “The power of games as educational tools is rapidly gaining recognition. NASA is in a position to develop an online game that functions as a persistent, synthetic environment supporting education as a laboratory, a massive visualization tools and collaborative workspace while simultaneously drawing users into a challenging, game-play immersion.” Nuff said ;-)

5) Second Life Opens New World of Opportunity to Ontario Students

This article discusses how educators are using Second Life, blogging and other web 2.0 type tools to disrupt the normal learning process and engage more deeply with their students. This one is near and dear to our heart as well here at Cisco as we are passionate about technology and learning. In March we held a Second Life TechChat on Learning 2.0 which you can watch below; excuse the audio as it isn’t the best quality. Empowering teachers and students with technology - simply rules.

I didn’t include one of my own posts — cause that would be totally shameless pandering, unlike what follows — about our Cisco Live in Second Life TechChat on the open developer Cisco Application Developer Platform taking place on November 20, 2008. We had our rehearsal today for this one and I think it is going to be a very interesting discussion. At the last moment we were happily able to add an external speaker to the mix. Corey Wilson is a Product Specialist at Sagem-Interstar for the XMediusFAX Fax over IP (FoIP) solution suite and he will discuss the new XMF SP and its use of the AXP interface to replicate faxes back to the data center based on available bandwidth. I encourage all you Linux developers to come out and explore the opportunities AXP offers and learn more about the Think Inside the Box contest now under way. We hope you can join us for this discussion in Second Life or on the web via this blog.

Is there a piece of virtual worlds news that you think should have made the list? I don’t doubt it and encourage you to comment accordingly.

Get Your Ghoul On

October 27, 2008 at 12:00 pm PST

For many moons now the Cisco team has produced serious programming for virtual environments. To date we have only held one event that was solely produced as a reward experience for our virtual environment audience: the first year Second Life anniversary party we held in January 2008. That being said, we are all about fun here in Cisco Corporate Event Marketing, really we are. So to that effect we are holding a Halloween party in Second Life on Frightday, October 31st, from 3:00-5:00 pm Pacific/Second Life Time at Cisco Live in Second Life.

We will have free costumes, a game with prizes for the winners, and virtual candy for all attendees. Let us say “Thank you from Cisco” for supporting our virtual environment events and join us for a mix and mingle in a relaxed space. So come on out and trick or treat with the Cisco virtual environments team for a spooky good time!

Dannette CiscoSystems [aka moi] as your dark lord :-)

Watch the Archive of the Empower the Remote Workforce TechChat

October 21, 2008 at 12:00 pm PST

This TechChat featured Calvin Chai, Security Solutions Marketing Manager, and Carina Reyes, IT Manager, Virtual Office Services, both from Cisco. During this TechChat, Chai and Reyes discussed the primary challenges businesses face in rolling out teleworking and how Cisco Virtual Office can help by providing extensible secure network services for business productivity, including data, voice, video, and wireless mobility.

Listen to this discussion to understand the environmental factors and business trends for teleworking and how the combination of hardware, software, and services offered in Cisco Virtual Office address:

* Flexibility and productivity for employees
* Security for the remote workforce
* Scaling IT resources
* Business resilience and pandemic planning
* Talent attraction and retention for the business
* Green best practices and initiatives

Click play below to view the archive of the event.

Please complete a short survey on the TechChat.

More resources:

* Download a PDF of the presentation
* Learn More About Cisco Virtual Office

Rock Band 2

October 19, 2008 at 12:00 pm PST

I am enjoying the new Rock Band 2 pages in the consumer area of Cisco.com. Worth a visit if you haven’t checked it out yet.