Enterprises Get the NAC

By Cameron Sturdevant  |  Posted 2006-02-06

Network access control, as practiced by Forescout Technologies, combines fairly vigorous PC client checks with ongoing monitoring and modest 802.1x-like switch port control to reduce damage caused by network insiders.

The current state of the art for the fast-evolving and still nebulously defined NAC space usually adds a heavy dose of user identity to the characteristics listed above to achieve the level of control needed to satisfy auditing requirements and provide peace of mind for IT managers.

As this year unfolds, IT managers will likely be confronted with an increase in threats brought into the protected network by mobile machines, along with a growing list of vendors that have adapted products to provide some sort of NAC function.

Forescout's CounterAct, just one such product among many, started life as an anti-worm appliance. Version 5.1 of CounterAct adds extensive client configuration checking capabilities—if the client doesn't match the predefined admission policy, then network access is denied or severely curtailed.

There are some basic questions that IT managers should answer before embarking on a NAC project. One of the most important: agent or agentless?

Forescout's CounterAct and Vernier Networks' EdgeWall are agentless NAC solutions. The Host Property Scanner that is bundled with CounterAct 5.1 allows the appliance to check for components such as anti-virus and software patches along with operating system version information. Other products, including Senforce Technologies' Endpoint Security Suite, use agents to perform endpoint integrity checks.

With agentless technologies, there are no installation or maintenance costs on the endpoint systems—costs that agent-based solutions will incur.

The advantage of many agent-based tools is that they often can maintain client health even when disconnected from the network, preventing problems such as the installation of malware.

During the course of the year, network infrastructure providers are expected to come out with their own NAC solutions. For example, Cisco Systems' Network Admission Control and Juniper Networks' Unified Access Control will be based on the vendors' respective infrastructure devices and will check endpoint configuration to further enforce internal network security.

Tools that detect anomalous network behavior, such as Arbor Networks' Peakflow X and newcomer Snipe Network Security's NetGuard, also perform NAC functions on the internal network and will continue to play an important role in internal network security.

One thing is clear already in the nascent NAC arena: It will take a combination of approaches to ensure that endpoint devices are correctly configured and free of the malware that could harm internal network resources.

Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at
