Juniper Networks released a revamped version of its unified access control platform on Nov. 13, adding new features that promise faster installation and improved ability to enforce corporate security policies.
The companys Unified Access Control 2.0 package, which competes head-to-head with the NAC (Network Access Control) technologies marketed by longtime rival Cisco Systems, offers a number of upgrades over the previous iteration of the product, including the addition of technologies acquired by Juniper through its Nov. 2005 buyout of network security software provider Funk Software.
One of the primary benefits of UAC 2.0, compared to Ciscos NAC technologies, is that the system does not require enterprises to adopt Junipers networking gear throughout their operations, said company officials.
As such, businesses can use the software to begin layering new security functions on top of their existing infrastructure without investing significantly in additional network hardware, Juniper said.
Both Juniper and Ciscos access control technologies, and those made by other software providers, are meant to help companies protect their IT operations by carefully screening information about devices attempting to log onto their networks, and enforcing corporate security polices for endpoint systems including PCs.
For instance, if a users laptop has not been updated with the latest anti-virus signatures, or the device has been stolen and manipulated to load malware onto a companys network, it would be denied access by UAC until the system has remedied any problems.
With the addition of Funks Odyssey Access Client and Steel-Belted Radius tools, Juniper has added to its ability to provide access control across multivendor networks, giving the Sunnyvale Calif. company a significant leg up over Ciscos proprietary NAC technologies, said Karthik Krishnan, senior product line manager at Juniper.
“People want the advantages of access control solutions today, but they dont want to be forced to rip out all their hardware just to improve security,” Krishnan said.
He added that with the addition of the tools Juniper acquired from Funk, the company has become the vendor with the greatest ability to allow companies to implement access control quickly while leveraging their existing investments in network infrastructure.
In addition to allowing for external access to networks, the UAC 2.0 release also grants users of the software more ability to control admittance to corporate resources and applications, such as ERP (enterprise resources planning) systems.
Also, if a user begins behaving suspiciously while logged into such an application during a UAC-protected session, the technology can automatically suspend network and applications access until administrators investigate the activity.
Juniper specifically added elements of the Funk software tools that provide support for the 802.1x industry standard, including the softwares Infranet Controller, which serves as a centralized access control policy manager, and its UAC Agent, which is the systems downloaded endpoint software.
The technologies are used as a so-called 802.1x supplicant to authenticate or deny access to devices that integrate with access control systems.
Krishnan said that in doing so, UAC 2.0 has become the most flexible access control package on the market, based on its multivendor management capabilities.
The Odyssey Access Client and Steel-Belted Radius tools are also being made available by Juniper as stand-alone products.
While some experts have begun to point out potential weaknesses in access control systems, such as the ability to spoof the IP address of a trusted network device to sneak onto a protected environment, Juniper maintains that its product does not allow for such hacks.
For instance, UAC allows administrators to authenticate an endpoint devices identity before the system assigns an IP address, closing off that attack vector.
In another nod to emerging security concerns attributed to access control software, Junipers product forsakes the use of DHCP (dynamic host configuration protocol), a set of rules used by a device to request and obtain an Internet address from a server.
Some experts maintain that DHCP proxies, utilized in many access control technologies sold today, make it far easier for attackers to dupe network security tools.
Krishnan disputed security experts who have said that access control technologies remain immature, and too porous for businesses to trust completely.
“The market is still pretty nascent and our biggest challenge is education of customers, because as much as the whole concept seems well defined, there are a whole range of uses and applications that people may not have considered,” said Krishnan.
Krishnan said that for some, there may not be strong correlation between the problem they are trying to solve and all the capabilities of access control, but “we hear from a lot of enterprises who cant depend on patching to protect themselves anymore and need this additional layer of security that oversees all network access.”
