Net access control: Ready? ... Or not?

LAS VEGAS - Network companies at Interop last week pushed a clear message about how network security should work: Hardware devices identify users at the network port level, provide virus scanning and authentication services, then allow or deny network access based on strict role-based policies. Whether this actually works or when it will be widely available is less clear.

Network access control (NAC) demonstrations and product offerings were in the booths of established network vendors such as Cisco, Nortel, Enterasys and Extreme Networks; start-ups such as ConSentry, Lockdown Networks and Nevis; and security companies such as Internet Security Systems and BlueCoat Systems. But observers at the show said the industry is a long way from agreeing on how best to handle and build NAC systems.

Attendance for Interop's 20th-anniversary spring show was up around 2,000 from last year to an estimated 18,000, with some previously missing big names - Microsoft among them - returning to the Mandalay Bay Convention Center this year.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

LAS VEGAS - Network companies at Interop last week pushed a clear message about how network security should work: Hardware devices identify users at the network port level, provide virus scanning and authentication services, then allow or deny network access based on strict role-based policies. Whether this actually works or when it will be widely available is less clear.

Network access control (NAC) demonstrations and product offerings were in the booths of established network vendors such as Cisco, Nortel, Enterasys and Extreme Networks; start-ups such as ConSentry, Lockdown Networks and Nevis; and security companies such as Internet Security Systems and BlueCoat Systems. But observers at the show said the industry is a long way from agreeing on how best to handle and build NAC systems.

Attendance for Interop's 20th-anniversary spring show was up around 2,000 from last year to an estimated 18,000, with some previously missing big names - Microsoft among them - returning to the Mandalay Bay Convention Center this year.

Video: The skinny on NAC
Senior Editor Denise Dubie talks with Steve Hultquist of Infinite Summit and the iLabs NAC lead about the current state of Network Access Control technologies.

Despite the business-like tone, there were livelier activities such as free beer in the booths on Tuesday afternoon and interactive exhibits such as flight simulator and hockey slap shot kept the mood on the exhibit floor lively. Abundant technical content balanced off the suds and fluff, with a lineup of live product demos of security, VoIP and wireless gear.

Security and the trend toward access control-based products were core to the show.

Within 18 months to two years, Microsoft's Network Access Protection, Cisco's Network Admission Control and the Trusted Computing Group's (TCG) Trusted Network Connect will establish themselves; and SSL VPN vendors will defer to whichever ones prove viable and popular, said Joel Snyder, senior partner at technology consulting firm Opus One and a member of the Network World Lab Alliance, who ran the Interop SSL VPN Day. Meanwhile, SSL VPN vendors offer a broad range of endpoint-checking software that varies widely in its capabilities. He said most vendors won't spend a lot more effort on these protections in anticipation of the separate network access initiatives.

"Here's a prediction - endpoint checking won't ultimately be in the VPN box," he said. "It will be in a NAC box. There will be just a thin layer of endpoint checking [in the SSL VPN gateway] that punts off to policies that are defined on a different box."

One network professional said the days of putting network ports on desktops and managing security issues after the fact are over.

"I really want role-based security in place," said Peter Hricak, senior manager, network operations for Lucasfilm, the entertainment firm behind the "Star Wars" series and a creator visual effects for other films. "That's something that we're seriously looking at - to get authentication-based policies applied. I want to know who a user is, and give them rights only to what they're allowed to do."