FAQ on NAC

Network access control stands out as one of the most promising security technologies, but it also is one of the most misunderstood.

By Network World staff, Network World
November 11, 2006 12:01 AM ET

What is NAC?

What are the major NAC initiatives?

Are Cisco and Microsoft playing nicely together?

Are there any NAC standards?

Are there stand-alone NAC products on the market?

What types of security functions are part of the NAC environment?

How does NAC work in practice?

Can other types of security products play a role in a NAC environment?

What are the key decision points regarding a NAC purchase?

What is NAC?

At a high level, as defined by Forrester Research, "NAC is a mix of hardware and software technology that dynamically controls client system access to networks based on their compliance with policy." But vendors, eager to get in on the NAC buzz, are often using the NAC label for products that are really only peripheral to the access control process.

What are the major NAC initiatives?

There are three: Cisco's Network Admission Control architecture; the Trusted Computing Group's (TCG) Trusted Network Connect (TNC) program; and Microsoft's Network Access Protection (NAP) architecture.

Are Cisco and Microsoft playing nicely together?

Microsoft's NAP architecture is a major factor in the NAC universe because of the pervasiveness of the company's server and desktop software. However, at this point, key components aren't available, making interoperability impossible to test beyond limited beta versions of Microsoft's NAP platforms. On the upside, 75 vendors have pledged to make their gear interoperable with Microsoft NAP components when they become available. This includes Cisco, with which Microsoft is developing NAP and Cisco-NAC interoperability. Cisco, which is pushing the IETF for NAC standards but does not participate in TCG, has about 30 partners shipping Cisco NAC-compatible gear and another 27 developing such products.