- FBI warns Hit Man e-mail scammer back
- 20 tech habits to improve your life
- Industry mourns slain Cisco exec
- 10 Firefox add-ons for better browsing
- Wireless LANs face scaling challenges
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
This week, we've released the findings of the industry's most in-depth, hands-on evaluation of network access control gear available today.
Network World Lab Alliance member Joel Snyder tested how adequately NAC products work together to limit network access for endpoints that don't meet policy requirements. Each of these products (more than 30 in all) was running in an environment defined by the Cisco-controlled CNAC architecture or the more standards-based NAC plan championed by the Trusted Network Connect (TNC) working group of the Trusted Computing Group (TCG).
With a test like this it is tempting to trot out headlines such as "The great NAC smack-down: Cisco vs. every other vendor."
But as reader advocates, we need to be encouraging Cisco and TNG (as well as Microsoft, which has yet to finalize its NAC plans) to work on a single interoperable NAC architecture.
"This is not a case where the industry is better off with competition and choice," Snyder says. "We can have plenty of choice within a standards-based framework. We just want NAC products that can work cooperatively."
To that end, here are some points NAC players need to take to heart:
* Cisco's customers would be best served if the company concentrated its NAC efforts on transforming its infrastructure gear into state-of-the-art enforcement points.
* Microsoft, as the owner of the client world, should immediately jump in with TCG/TNC on a single means of incorporating clients into the NAC fold. Likewise, Microsoft should not insist on rolling out a NAC policy server that runs only on Windows.
* TCG/TNC needs to revisit its tight-lipped communications policy pertaining to future developments in its architecture.
At the end of two months of testing NAC products, Snyder concluded that for very simple NAC deployments, either CNAC or TCG/TNC NAC pass muster. However, both fall short of the mark if an enterprise wants to move beyond Windows XP endpoints and virtual LAN quarantines.
If NAC is going to make it to the next level where it can support non-Windows clients and devices, and segment access based on more sophisticated mechanisms, such as stateful firewalls, we need to see more cooperative industry effort from market leaders that have a lock on the network infrastructure market, start-ups with the agility to introduce innovative software-based approaches to the problem, and industry groups claiming to hold the collective customer's interest at heart.

Aging network systems and old habits have dictated how businesses spend their IT budgets. As a...
Implementing HA at the Enterprise Data Center Edge to Connect to a Large Number of Branch OfficesThis paper reviews the problem of creating a network where the dynamic availability of services is...
Enterprise Data Center Network Reference ArchitectureUsing a High Performance Network Backbone to Meet the Requirements of the Modern Enterprise Data...

The standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Harnessing the power of communications to increase workplace performanceDue to the convergence of IT and telecommunications technologies, the business workplace has been...
Stay out of the headlines: Detecting and preventing network intrusionsHow do YOU stay out of the headlines? There is no denying that risk exists in our computer-driven...

We have so many holes punched in our firewalls today that many industry insiders question the value...
IP address management in 2008 - six things to knowRead this Network World Special Brief to learn how Enterprise IT managers must update their...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment