Products that aren't designed for Windows XP or Windows 2000

Anti-Windows Catalog

We practice what we preach at Pan-Am Internet Services


Cisco's Cone of Silence

Written by Gordon Fecyk, 11/10/2008

A system to keep out-of-date computers off a network until they're updated makes sense on the surface.

But what if your updates come from the network? Then you get the Cisco Cone of Silence.

SINCE COMING TO THE LAND OF Life, Liberty and The Pursuit of Happiness, I've seen a few technologies designed for the sole purpose of defeating all of the above. Most, I've seen before, like anti-virus software, proxy servers, web filters, traffic filters, even firewalls behind firewalls. I get the impression that the level of Internet access in the American workplace rivals that of the People's Republic of China.

But as far as anti-abuse technology goes, nothing has quite met the level of irony I've come to know and laugh at, like Cisco's Network Access Control system. Also known as the Cisco Clean Access system, or as I've come to know it, the Cisco Cone of Silence.

FOR ANYONE UNDER THE AGE OF THIRTY, or who has never watched the recent Get Smart movie, or who has never lived in an American college dorm in the past five years, allow me to explain the Cone of Silence...

...imagine a network where your computer wasn't allowed to talk on the network unless its software was fully up to date. Your computer would need the latest operating system updates, the latest application updates and the latest anti-virus updates installed before it could work on the network. On the surface, this seems like a very good idea. Don't come in to play unless you're clean, right?

The problem? What if your updates come from the network? What if your Clean Access Agent ("Agent 86" of course) wouldn't allow your PC on the network to get the updates it needs so it can be on the network in the first place? Nearly every major security product supports updating via a local server or, in a worst case, the Internet. Popular operating systems -- not just Windows -- have update systems that obtain updates from a network source. And many applications, including non-Microsoft applications, support some form of network-based updating.

So what happens when your Cisco NAC-enabled computer gets updates from the network? Yes, that's right. You get the Cone of Silence. You can't get on the network unless you're updated, but you can't get the updates from the network because you're not updated. That is precisely what happened the first time I saw this thing deployed. I can't make this stuff up; it's just too funny. Privacy matters aside, "Agent 86" does a wonderful job of keeping out-of-date computers off the network. For good.

TO BE ABSOLUTELY FAIR, I'm sure this was just a configuration error and there is some way to make "Agent 86" allow an out-of-date computer to get updates. In the meantime, I'm not recommending this thing until more important matters are addressed.
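The deadlock described above can be caught before rollout by checking that every posture requirement has at least one update source reachable from the quarantine network. The sketch below is an added example, not Cisco configuration and not part of the original commentary; it is a generic model in which the requirement names, addresses and ACL entries are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Requirement:
    name: str       # posture check enforced before admission (hypothetical name)
    sources: tuple  # IPs of servers that can deliver the missing update

def reachable(ip, acl):
    """True if a quarantined client may reach ip under the permit-list acl."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in acl)

def can_reach_compliance(installed, requirements, quarantine_acl):
    """Return (ok, stuck). stuck names every failed check whose update
    sources are all blocked in quarantine, so the client can never pass it."""
    missing = [r for r in requirements if r.name not in installed]
    stuck = sorted(
        r.name for r in missing
        if not any(reachable(ip, quarantine_acl) for ip in r.sources)
    )
    return (not stuck, stuck)

# Constructed sample policy: addresses are private or documentation ranges.
REQUIREMENTS = [
    Requirement("os-patches", ("10.0.5.10",)),                   # local update server
    Requirement("av-signatures", ("10.0.5.11", "192.0.2.50")),   # local mirror or vendor
]
CONE_OF_SILENCE = []               # quarantine permits nothing at all
REMEDIATION_ACL = ["10.0.5.0/28"]  # quarantine permits only the update servers

if __name__ == "__main__":
    for label, acl in (("no remediation access", CONE_OF_SILENCE),
                       ("remediation permitted", REMEDIATION_ACL)):
        ok, stuck = can_reach_compliance(set(), REQUIREMENTS, acl)
        print(f"{label}: recoverable={ok} stuck={stuck}")
```

A client that is already compliant passes under either ACL; the empty quarantine ACL only bites machines that need an update, which is why the problem tends to surface after deployment rather than in a lab of freshly patched PCs.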

However, I can't help but laugh out loud alongside the Linux religious fanatics at the dripping irony of keeping Windows PCs off the network. Cisco's done more to further their cause than any Windows-based virus. Eat your heart out, China!
