Burning NAC questions – Part 2 - Network World

Skip Links

DNSstuff.com
Get information about your IP
IP Information
50+ On-demand DNS and network tools

Security

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library.  Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.
Audio

Crackin' the Kraken bot. Listen now!

Network World's Newsmaker of the Week

Wireless dangers at airports. Listen now!

Network World Panorama

Additional Resources

RSS

FEATURED REPORTS

Executive Guide: Storage Heats Up HP

Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.

RSS

FEATURED WEBCASTS

Reduce the Complexity and Cost of Windows Server Consolidation in Six Modules Novell

Watch this webcast to learn in six modules how to more cost effectively consolidate your Windows servers with virtualization. This unique program allows you to pick and choose which of the six modules you would like to view or watch the entire webcast at once. Topics covered: Performance, Use Cases, Enterprise-level Support, Managing Windows Workloads, Setup and Configuration and The Future. Find out how you can simplify server consolidation within your organization today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.

IT Buyer's Guides

View All Buyer's Guides

Free Newsletters

Sign up and receive the latest news, reviews and trends on your favorite technology topics

Save The Date!
What They Are Saying

Most Westerners don't realize that most Chinese don't care about censorship, or even approve of it. There...- Anonymous

Join the Discussion

Burning NAC questions – Part 2

By Tim Greene , Network World , 10/17/2007
  • Social Web 
  • Email 
  • Feedback 
  • Close

Part 2 of 2. In second part of our look at important network-access control issues, we take a look at important questions surrounding Cisco, NAC implementation and NAC policies. Review part 1 here. 


Shouldn’t I just wait for Cisco?

Should I deploy a NAC appliance in-line or out-of-band?

What is the best method of enforcing NAC policies?


  Shouldn’t I just wait for Cisco?

There’s really no need to wait because depending on what you want out of NAC, Cisco may already have it.

And if Cisco doesn’t yet offer what you want, there is still no need to wait because you can get alternatives from other vendors.

Cisco has a NAC appliance that can check devices before they get network access for virus software that it is updated and turned on and whether patch levels meet policy.

That said, the device is criticized by some for what it cannot do. “Cisco remains behind many of the other vendors in this space because of the inability to perform assessment checks beyond initial connection,” says Mandy Andress in her recent review of the appliance for Network World.

For example, the device does not perform periodic rechecks of devices once they have been admitted to the network to make sure they maintain their security posture.

The Cisco NAC Appliance does afford multiple enforcement methods, including placing the device inline with traffic where it can restrict traffic directly, having it work in tandem with 802.1X authentication or running it out of band where it controls an access switch. It can also enforce NAC for devices attaching via SSL or IPSec VPN through Cisco gear.

There are other appliances from other vendors that do more, and if Cisco’s appliance comes up short, these others can fill the bill.

1 | 2 | 3 | 4 | 5 |  Next >
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.
First Name
Last Name
E-mail
Zip Code