Clarifying issues surrounding this emerging security architecture
There's finally some NAC product testing to read, comparing two network switches that control access to and activity on networks.
In the test article, Network World Test Alliance member Joel Snyder compares ConSentry Networks' and Nevis Networks' appliances that enforce NAC.
The story is pretty thorough in discussing the specifics of the products, but it also warrants close reading for its incidental discussion of these products as they fit into the larger NAC landscape. Readers can glean tips on things to look for when the time comes to evaluate products they might buy.
For example, Snyder notes that one of the tested products uses media access control (MAC) addresses of machines for authentication and that the mechanism works as advertised. But he also offers this: "Because MAC-based authentication offers such poor security… [this] approach … significantly weakens an overall security model." Yes, the feature works, but step back and consider whether it provides sufficient security.
Or in discussing the products' ability to check endpoints for compliance with security posture policies - such as whether virus libraries are current - he notes the shortcomings of all such checks: "After all, having an antivirus engine installed with up-to-date signatures says nothing about whether you're infected with a virus." These checks have a certain value, but it is important to keep in mind exactly what that value is and not to credit them with doing more than they do.
Check out these reviews for specifics on the products, but also use them to build a grid of features to look for and questions to ask when it comes time to buy. And give credit to ConSentry and Nevis for putting up their gear for scrutiny so early in the game.
Tim Greene is senior editor at Network World.