Skip Links

NAC, VoIP security draw questions at Black Hat

Jericho Forum of enterprise customers to issue white paper on network access-control concerns.

By Ellen Messmer, Network World
August 04, 2006 03:25 PM ET
  • Print

LAS VEGAS - At the Black Hat conference this week, security researchers drew attention to shortcomings in network access control and VoIP products, voicing criticisms that rang true to some enterprise network customers.

The range of NAC products on the market today to enforce endpoint security policy have fundamental design weaknesses that would let attackers bypass them through spoofing, inserting rogue servers and other methods, said Ofir Arkin, CTO at Insightix, during his presentation at the conference.

A NAC product "must be able to detect a new element connecting to the network and have the ability to verify whether or not it complies with a defined security policy," said Arkin, who categorized the NAC products today as agent-based DHCP proxy, broadcast listeners that use remote scans to identify network devices and 802.1X-based clients.

While mentioning only Cisco and Symantec NAC products by name, he detailed various attacks based on masquerading and spoofing that could foil detection across a wide range of products. He also noted that most products rely on agent software running on Windows or on proprietary switches and other equipment, which makes NAC hard to deploy in large organizations and incomplete in terms of monitored devices.

  • Print

Videos

rssRss Feed