Free Newsletters :
IT Management
Networks
Read More in Networks »

NAC: A User’s Guide

December 21, 2006
By

Jeff Vance



Jeff Vance



When Printers Act Like Mail Servers

Related Articles
he Many Myths of Endpoint Security

Boeing Grappling With Data Theft

Restoring Online Privacy

Security Flaw Could Ground Wi-Fi Users

FREE IT Management Newsletters

“What are you doing that would constitute a violation?” Whiteley asked. Some solutions take shortcuts, say, requiring IT to whitelist certain devices that can’t be scanned, such as faxes and printers. The premise is that those devices pose little risk to the network.

Related Articles
  • The Many Myths of Endpoint Security
  • Cisco VPN: Something Old, Something New
  • Choosing Vendors: The Linux vs. Microsoft Red Herring
  • Best of Executive Tech, Part 1

    • “This approach is not sufficient,” Whiteley argued. “The whitelists usually rely on IP and MAC addresses, which can be spoofed.” Better is a policy-based system that restricts a machine’s behavior as stringently as a user’s. “A behavior-based policy says that since a device is a printer, it shouldn’t be making a thousand connections per second. A printer wouldn’t do that.”

    The post-admission piece of the puzzle was pioneered in the WLAN space, with vendors like Newbury Networks and Bluesocket attempting to overcome the geographical spill of wireless signals (which penetrate through walls and out of the office, after all) by focusing on identity and role. The trouble with the wireless approach is repeating it on the wired LAN.

    Where, then, should organizations turn for useful NAC solutions? Unfortunately, the answer isn’t all that helpful: it depends.

    If you are a strictly Cisco shop, it makes sense to use their solutions, especially since they’ve been working with Microsoft on interoperability. If endpoint enforcement is your primary concern, Symantec and Elemental fit the bill.

    If you’re looking to segment the access process from network traffic, then the out-of-band solutions from ForeScout, Lockdown, and Juniper will work. Do you want a software only solution? If so, go with Endforce, StillSecure, or ExaProtect. If you’d prefer to focus on inline access control and policy enforcement, investigate the offerings from ConSentry, Vernier, or Nevis.

    Further down the road, the promise of NAC is that it will give IT more fine-grained control of networking. “NAC will eventually deliver a more intelligent usage of network resources,” O’Connell said.

    Eventually, the more sophisticated solutions will evolve from protecting against data leakage by, for instance, not letting developers access software code when in a public conference room to, perhaps, enabling differentiated quality of service based on identity and role.

    Next page: What to look for in a NAC solution

    123





    IT Offers






    Partners
    Partner With Us














    More IT Management
    CIO Update
    Datamation
    eSecurity Planet
    ITSMWatch
    Intranet Journal
    IT Career Planet
    Project Manager Planet
    Semantic Web
    Datamation Definitions






     

    internet.commediabistro.comJusttechjobs.comGraphics.com

    Search:

    WebMediaBrands Corporate Info

    Legal Notices, Licensing, Permissions, Privacy Policy.
    Advertise | Newsletters | Shopping | E-mail Offers | Freelance Jobs

    Solutions

    Whitepapers and eBooks

    Microsoft Articles: Visual Studio 2010
    Adobe Article: Adobe Helps PHP Developers Create Rich Internet Applications
    Microsoft Whitepaper: How Windows Server 2008 R2 Helps Optimize IT and Save You Money
    Adobe Article: Java Developers Finding a Home at Adobe Flex
    IBM Articles: A Smarter Business Needs Smarter Technology
    Intel Xeon Processor Increases Server Efficiency and Capabilities
    Intel Tech Brief: Automated Energy Efficiency for the Intelligent Enterprise
    Oracle Whitepapers - Innovation for IT Leaders
    Avaya Article: Communication-Enabled Mashups--Empowering Both Business Owners and IT
    		 Internet.com eBook: IT Manager's Guide to Social Networking
    Internet.com eBook: Get Ready for Windows 7
    Microsoft Article: Expression Web 3--New Features for PHP Developers
    Whitepapers: Manage Your Business Infrastracture with IBM
    Whitepaper: Maximize Your Storage Investment with HP
    Internet.com eBook: Becoming a Better Project Manager
    Microsoft Article: Stress Free and Efficient Designer/Developer Collaboration
    MORE WHITEPAPERS, EBOOKS, AND ARTICLES

    Webcasts

    Webcast: Connecting PHP to Microsoft Technologies
    Video: Microsoft Partner Program Benefits
    Video: Windows Azure Debugging Tips
    SAP BusinessObjects Webcast: Unlock the Power of Reporting with Crystal Reports
    		 IBM Webcast: Speed Business Innovation with Reduced Cost and Risk
    Video: Deploy Applications on Windows Azure
    MORE WEBCASTS, PODCASTS, AND VIDEOS

    Downloads and eKits

    Download: Microsoft Visual Studio 2010 Beta 2
    Downloads & Free Trials: Microsoft's New Efficiency Resource Center
    Get the Windows 7 SDK
    		 Free Trial: Red Gate SQL Backup Pro 6
    Iron Speed Designer Application Generator
    MORE DOWNLOADS, EKITS, AND FREE TRIALS

    Tutorials and Demos

    Internet.com Hot List: Get the Inside Scoop on the Hottest IT and Developer Products
    All About Botnets
    		 MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES