All-Access Pass?

 
 
By Cameron Sturdevant  |  Posted 2007-03-05 Print this article Print
 
 
 
 
 
 
 

Analysis: As NAC players debate, eWEEK Labs offers advice for determining when, where and if the technology makes sense for your organization.

Februarys RSA Conference included a panel discussion called "Network Access Control: Industry Giants Debate the Future." And debate they did: Cisco Systems bragged about 1,500 installed NAC clients; Microsoft said IP Security implementation was easy; and the Trusted Computing Group talked about the plodding pace of creating interoperable NAC standards. While this particular debate was friendly, its clear that these organizations are gearing up to put their respective NAC frameworks head to head in a contest to see whether midsize and large enterprises are going to be using network- or software-based procedures to check endpoints such as laptops, desktops and a whole host of other network-connected devices. Then theres the age-old contest of standards-based technology versus, as Kjaja Ahmed of Microsoft puts it, "methods that interoperate for the customer whether or not that process is standardized."
The panel discussion, which was attended by eWEEK Labs, included all the right organizations, as NAC technology is currently dominated by Cisco, Microsoft and the Trusted Computing Group.
Representing the companies were Russell Rice, Ciscos director of product management; Ahmed, architect, Windows networking security, for Microsoft; and Steve Hanna, distinguished engineer, Juniper Networks, representing the Trusted Computing Group. (Hanna is co-chair of the Trusted Computing Groups NAC initiative and co-chair of the Internet Engineering Task Forces Network Endpoint Assessment working group.) Despite all you hear about NAC these days, NAC frameworks are still relatively immature and unproven. Lawrence Orans, Gartner research director and the moderator of the NAC panel at the conference, put it rather bluntly, saying that the frameworks are so immature that Microsoft is not expected to have its NAP (Network Access Protection) ready until the new Windows Server platform ships—likely in the second half of this year—and that he has not seen a single Gartner client actually implement a NAC solution based on the Trusted Computing Groups work. Click here to read more about why you should "get the NAC" in 2007. Ciscos offering is called NAC Framework 2.0, with the "A" in "NAC" standing for "Admissions" rather than the more generally used "Access." The Trusted Computing Groups standards-based offering is called Trusted Network Connect. While the panel members couldnt agree on the primary drivers that were pushing NAC, several common ideas surfaced: NAC technology prevents "sick" systems—whether owned by an organization or brought in by guests—from connecting to the production network, limiting guest access to necessary applications and network resources such as the Internet. NAC technology also checks endpoints (such as laptops, desktops, PDAs and printers) to ensure that they are up-to-date with operating system and application patches, anti-virus signatures and personal firewall settings and that they are not running prohibited applications. Next Page: NAC in practice.



 
 
 
 
Cameron Sturdevant Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at cameron.sturdevant@quinstreet.com.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel