A knack for network access control

Security: Risk and Reward. By Andreas M. Antonopoulos, Network World, 07/31/2007

Network access control is a huge topic of discussion in IT and a focus of activity among vendors. Over time, the acronym has become almost generic through overuse and the definition varies. When I asked IT executives how they define it, the core of consensus is that NAC revolves around three things:

* Admission control, which is the ability to selectively let hosts attach to the network and stay attached — a key to NAC, according to all who answered this question.

* Health checks, which is the ability to see that connecting systems are up to date on patching, antivirus and the like, made part of the definition of NAC by a majority of respondents.

* Access control, which is the ability to say which hosts can see or do what while attached. A minority of those surveyed cite this as ideal in a NAC system. A CISO at a financial-services company explains this feature as “the ability to validate end-systems prior to gaining access and then controlling where they are allowed to go once they are on, much like user management should be.”

Few of the respondents actively practice NAC now. Being able to connect to the VPN is the extent of NAC for most external hosts, for example, and there is no access control on LAN ports. Only about 14% of respondents apply endpoint checks for application and operating system patching; the presence of firewalls, antivirus or antispyware; USB-attached devices; and password strength. However, nearly 60% wish they could be applying checks at least for firewalls, antivirus and antispyware tools, and about 40% desire password and operating system checks. Less than a third want application checks.

Cost and complexity explain most of the gap between the level of checking desired and implemented; NAC can require added network infrastructure and sometimes upgrades to existing network equipment, for example, to support the 802.1X standard for authenticating network access at the switch-port level. Although few are spending anything on NAC yet, everyone feels future spending on NAC is likely (most feel certain) to go up.

Applying admission, health and access controls on endpoints sounds enticing. But until it can be done without network overhauls and with more broadly interoperable protocols, adoption is likely to be slow and spotty.
