Juniper Heats up Access Control Race

Juniper puts up a dedicated network access control product against rival Cisco's offerings.

Networking equipment maker Cisco Systems Inc. finds itself with a formidable new competitor in the emerging area of network access control, as Juniper Networks Inc. has joined the fray with its first NAC offering.

Juniper this week is unveiling its first dedicated NAC product, the Enterprise Infranet Controller, a hardware appliance that coordinates policy enforcement across enterprise networks using the companys NetScreen firewalls.

Last week, Cisco announced an update to its Network Admission Control program that extends NAC features from the companys routers to its Catalyst switches and enterprise wireless gear.

Ciscos extension of NAC is the first major update to the program in a number of months and adds support for a wide range of Catalyst switches, including the 6500-, 4500- and 4900-series platforms; Aironet access points; and wireless LAN controllers.

Adding NAC features to switches will allow Cisco customers to address two key sources of infections on enterprise networks: users in remote offices, such as those operated by retail organizations, and mobile workers connecting over home broadband or wireless connections, said Bob Gleicoff, chief technology officer in Ciscos Security Technology Group, in San Jose, Calif.

Checking security policies at switches, as opposed to routers, also allows employers to address security issues, such as virus signature updates or operating patch levels, before a machine has been given an IP address, Gleicoff said.

/zimages/2/28571.gifClick here to read about Ciscos network optimization products.

Juniper is taking another approach to the access control problem with its Enterprise Infranet Controllers.

The rack-mounted devices work with desktop agent software and new software features on Junipers firewall platforms to enforce network security policies, said Andrew Harding, director of product management at Juniper, in Sunnyvale, Calif.

The Enterprise Infranet Controller line comes in two models: the 4000 and 6000 series, which can support 3,000 and 25,000 hosts, respectively. Both units can be clustered to support large deployments, Harding said.

Junipers Enterprise Infranet Controller acts as a single decision point for NAC. It connects back-end identity and access management systems with Junipers Infranet Agent client and NetScreen firewalls that enforce network policies.

The technology can prevent compromised systems from accessing the network, or it can isolate infected systems that have already authenticated from other vulnerable systems on a network.

The Enterprise Infranet Controller can work without a software agent, using a Java applet to do compliance and security checks, according to Harding.

The University of Nevada, Reno, is preparing to deploy the Enterprise Infranet Controller on residential networks used by more than 2,000 students, said Jeff Springer, network security manager at the university.

The university chose the new product to take advantage of its existing NetScreen infrastructure. The Enterprise Infranet Controller will allow the university to link problems, such as infections and illegal file sharing, back to a particular user, rather than just an IP address, according to Springer.

/zimages/2/28571.gifCheck out eWEEK.coms for the latest news, views and analysis on servers, switches and networking protocols for the enterprise and small businesses.