Customers must find out what a vendor means by "NAC support."
The problem is that key components aren't available, making interoperability impossible to test beyond limited beta versions of Microsoft's NAP platforms. On the upside, 75 vendors have pledged to make their gear interoperable with Microsoft NAP components when they become available.
Regardless of vendor choices, enterprises must know what network challenges they are trying to solve before they embrace NAC, says Joel Snyder, senior partner at Opus One and a member of the Network World Lab Alliance. Surprisingly, many businesses are leaping into NAC without first defining the business need that will warrant the investment, he says. It wanted to control visitor and student access to network resources but keep the infrastructure as open as possible, says Jon Schroth, director of technology at the school.
Implementing NAP and NAC Security Technologies: The Complete Guide to Network Access Control
He also didn't want to rip out hardware or be responsible for installing software on user devices, he says. Schroth chose Vernier's EdgeWall appliance, which authenticates users, scans their machines and imposes policies based on data drawn from the school's Active Directory servers.
Because EdgeWall sits between access and core switches to enforce policies, it works with the school's mix of HP ProCurve and 3Com switches without altering network topology. For now EdgeWall works and probably will be sufficient until the school's next switch upgrade in two years. Even if he already had them, it would have cost extra to implement NAC on them, he says.
Lemm also ruled out Extreme's access-control system based on its Sentriant devices. At the time he looked at it last year, it screened at Layer 3 but not all the way to Layer 7, which is what he was looking for, he says. He chose Juniper's Infranet Controller policy engine in conjunction with Microsoft Internet Authentication Service authentication server to determine what kind of access end devices should get.
Extreme switches and Juniper Integrated Security Gateway devices combining firewall, VPN and intrusion detection serve as enforcement points. The deployment prevented a lot of switch replacement, but it's not ideal, he says.
Juniper needs an enterprisewide management system for all the pieces of its NAC system to save administrative time. Some early users, such as Great Canadian Casinos, have bought into a single vendor's scheme. The company wanted to lock down access in public spaces, such as lobbies and conference rooms, where guests might log on, Ward says. The Nortel gear scans the devices trying to log on and enforces access policy via Nortel switches in the network.
The endpoint check calls for the device to boot up its browser, which is a drawback, Ward says, but Nortel says it is working on a browserless version. Important to Ward is that the Nortel architecture support other vendors' enforcement points, not just certain Nortel switches.
Because Great Canadian is growing through acquisition, it is likely to buy a business entity whose network is built with another vendor's switches, Ward says, explaining that he would not want that diversity to stall universal NAC deployment.
In its favor, Nortel has interoperability with other vendors' gear in compliance with TCG specifications, the company says. The bottom line on NAC is that while it may be a young and not yet fully defined technology, it can deliver value in the right circumstances. Look at NAC with an eye to how it is evolving, Whiteley says, so future security and network acquisitions fit into the still-developing, broader NAC architectures.
NAC and you
Before you decide whether network-access control products are right for your enterprise…
- How important is NAC compared with other security initiatives I am working on?
- How much network disruption can I afford when implementing NAC?
In some out-of-band systems, agents are distributed on end-stations and report information to a central console, which in turn can control switches to enforce policy. In contrast, the inline solutions can be single-box solutions which act as internal firewalls for access-layer networks and enforce the policy.
Out-of-band solutions have the advantage of reusing existing infrastructure; inline products can be easier to deploy on new networks, and may provide more advanced network enforcement capabilities, because they are directly in control of individual packets on the wire. However, some products are agentless: they keep the inherent advantages of easier, less risky out-of-band deployment while using techniques that provide inline effectiveness for non-compliant devices, where enforcement is required.
Network operators deploy NAC products with the expectation that some legitimate clients will be denied access to the network (if users never had out-of-date patch levels, NAC would be unnecessary). Because of this, NAC solutions require a mechanism to remediate the end-user problems that deny them access. Two common strategies for remediation are quarantine networks and captive portals.
Using NAC in a mobile deployment, where workers connect over various wireless networks throughout the workday, involves challenges that are not present in a wired LAN environment.
When a user is denied access because of a security concern, productive use of the device is lost, which can impact the ability to complete a job or serve a customer. In addition, automated remediation that takes only seconds on a wired connection may take minutes over a slower wireless data connection, bogging down the device.