All-Access Pass?

Analysis: As NAC players debate, eWEEK Labs offers advice for determining when, where and if the technology makes sense for your organization.

Februarys RSA Conference included a panel discussion called "Network Access Control: Industry Giants Debate the Future." And debate they did: Cisco Systems bragged about 1,500 installed NAC clients; Microsoft said IP Security implementation was easy; and the Trusted Computing Group talked about the plodding pace of creating interoperable NAC standards.

While this particular debate was friendly, its clear that these organizations are gearing up to put their respective NAC frameworks head to head in a contest to see whether midsize and large enterprises are going to be using network- or software-based procedures to check endpoints such as laptops, desktops and a whole host of other network-connected devices.

Then theres the age-old contest of standards-based technology versus, as Kjaja Ahmed of Microsoft puts it, "methods that interoperate for the customer whether or not that process is standardized."

The panel discussion, which was attended by eWEEK Labs, included all the right organizations, as NAC technology is currently dominated by Cisco, Microsoft and the Trusted Computing Group.

Representing the companies were Russell Rice, Ciscos director of product management; Ahmed, architect, Windows networking security, for Microsoft; and Steve Hanna, distinguished engineer, Juniper Networks, representing the Trusted Computing Group. (Hanna is co-chair of the Trusted Computing Groups NAC initiative and co-chair of the Internet Engineering Task Forces Network Endpoint Assessment working group.)

Despite all you hear about NAC these days, NAC frameworks are still relatively immature and unproven.

Lawrence Orans, Gartner research director and the moderator of the NAC panel at the conference, put it rather bluntly, saying that the frameworks are so immature that Microsoft is not expected to have its NAP (Network Access Protection) ready until the new Windows Server platform ships—likely in the second half of this year—and that he has not seen a single Gartner client actually implement a NAC solution based on the Trusted Computing Groups work.

/zimages/5/28571.gifClick here to read more about why you should "get the NAC" in 2007.

Ciscos offering is called NAC Framework 2.0, with the "A" in "NAC" standing for "Admissions" rather than the more generally used "Access."

The Trusted Computing Groups standards-based offering is called Trusted Network Connect.

While the panel members couldnt agree on the primary drivers that were pushing NAC, several common ideas surfaced: NAC technology prevents "sick" systems—whether owned by an organization or brought in by guests—from connecting to the production network, limiting guest access to necessary applications and network resources such as the Internet. NAC technology also checks endpoints (such as laptops, desktops, PDAs and printers) to ensure that they are up-to-date with operating system and application patches, anti-virus signatures and personal firewall settings and that they are not running prohibited applications.

Next Page: NAC in practice.