Back in July 2007, Amith Krishnan, senior product manager for NAP at Microsoft, appeared on my podcast (StillSecure After All These Years podcast) to talk about Microsoft's announced support for the Trusted Computing Group's TNC standard, Trusted Network Connect.
As part of that announcement, Microsoft claimed they would open up the NAP agent to other platforms. But rather than develop Linux and Mac NAP clients, Microsoft would make the technology available for third parties who could create NAP agents for non-Microsoft operating systems. True to Amith's word, UNETsystem announced NAP compatible versions of their AnyClick product for Linux and Macintosh OS X operating systems. Microsoft NAP and network access control (NAC) are technologies I'm very familiar with, having created a product in this space with my former company, StillSecure.
One part of the UNETsystem AnyClick solution that's not so clear is who will be providing the NAP logic, often called NAP policies or security tests, for the NAP clients running on Linux and Mac OS X (and Windows OSs). The NAP client is just the mechanics of returning a thumbs up or down as to whether an endpoint gets on the network. The brains are really in a NAC policy management system. Celestix Networks announced they want to play in that part of the NAP ecosystem, but it remains to be seen if Microsoft and/or other vendors will lay claim to this important part of NAP. Avenda Systems is planning a product for Linux clients. Celestix Networks is a firewall and VPN company, and complex policy management may be beyond an edge appliance player.
NAP policy management is the center of the universe in network access control and requires some pretty rock-solid technology. A false positive or false negative could mean workers are inappropriately booted off the network, impacting business continuity and productivity. Who the policy management winners for NAP will be is still to be played out.
Mitchell Ashley is CEO and Chief Strategist of Converging Network, LLC, providing product and technology strategies to emerging technology companies. A serial entrepreneur, Mitchell has created many successful products and services in the networking, security, convergence, Internet and IT industries. In addition to blogging for NetworkWorld, Mitchell regularly blogs at TheConvergingNetwork and co-hosts the widely popular Still Crazy After All These Years podcast.
Not bad but
One thing I hope Microsoft and others think about is mobile devices. NAP is just one part of total security / management, IMHO the device is not the endpoint, the user is. With all the development on Windows Mobile, whatever they may get it right but it isn't yet. There is a huge amount of users who, even if denied the network access (application access), still need some access. Think alarms sent from mobile, they must be delivered, think position tracking, it should never be disabled, etc. NAP today seems more designed for fixed location devices/users but today's reality is mobility, lost and/or stolen devices, multiuser devices, devices roaming several networks, etc. So, as long as NAP is an isolated technology it would create nightmares as you say in the last paragraph.
Thanks for your help
The NAP team and the SCCM team are a rock throw away from each other on the Microsoft campus. Since we were so close (joke :->) we decided to integrate our products! Woohoo! You can enforce, remediate and all the other cool jazz that NAP provides using SCCM 2007! Not too shabby.