Reviving the Perimeter

eWEEK Labs expects the pace of development of network access control products and the effectiveness of these tools to improve in 2006.

In 2006, network software and hardware vendors will continue to build new barn doors to make sure that when the horses return, in the form of endpoint devices including laptops and PDAs, only those not compromised with viruses or vulnerable configurations are allowed to access network resources.

Re-establishing the network perimeter is a laudable goal, but work at eWEEK Labs shows that keeping compromised machines off the network requires not only technology but also significant planning and policy development.

We expect that both the pace of development of network access control products and the effectiveness of these tools will greatly improve in the coming year.

We suggest senior IT managers prioritize evaluating network access control tools.

Specifically, we think next year is the time to outfit corporate testbeds with admission control devices to accelerate the use of these technologies in the enterprise.

In part, the situations urgency is driven by a steady increase in the number of application and operating system vulnerabilities; increases in the sophistication of all forms of malware; and a decrease, as reported by Symantecs Internet Security Threat Report, in the time between vulnerability and the release of exploit code.

Cisco announced on Oct. 18 the second version of its NAC (Network Admission Control) initiative, which is loaded with advances, including adding LAN tools to the NAC framework—technology that integrates anti-virus, anti-spyware and other third-party configuration-checking tools.

/zimages/5/28571.gifClick here to read more about Ciscos NAC initiative.

Ciscos NAC framework shouldnt be confused with Ciscos complementary NAC appliances, which provide use policies to assess and remediate endpoint devices.

Microsofts NAP (Network Access Protection), a platform in Windows Server "Longhorn," is expected to help ensure that Windows computers connecting to the network meet system health requirements when Longhorn ships late next year.

Cisco and Microsoft are making an effort to ensure the technologies work well together.

Even as Cisco and Microsoft develop these network access control offerings, others, including Vernier Networks and LANDesk Software , are providing tools that seek to provide network access control that works with and fills in gaps in the Cisco and Microsoft offerings.

It might turn out that as 2006 unfolds, IT managers find that advances in network access control will make a significant dent in the damage caused by infected machines, especially if anti-spyware and anti-virus software makers continue their trend of running a neck-and-neck horse race with malware makers.

Labs Technical Director Cameron Sturdevant can be reached at

/zimages/5/28571.gifCheck out eWEEK.coms for the latest news, views and analysis on servers, switches and networking protocols for the enterprise and small businesses.