Clarifying issues surrounding this emerging security architecture
Lockdown Networks is tuning up its Enforcer NAC appliance so it doesn’t bog down network access during emergencies, when traffic might be greater than usual.
Depending on which Lockdown appliance a customer uses and what policies it is enforcing, the gear can handle hundreds of users per minute, and capacity can be increased by adding more appliances.
But during emergencies, when more workers than the NAC deployment was designed for are trying to connect to the network, the gear could be overwhelmed, causing a bottleneck to access at just the wrong time.
New software for the devices allows suspending use of NAC. So if the bulk of users start accessing the network from home during a disaster rather than coming into the office, NAC rules can be changed so the appliance is not overwhelmed and does not become a barrier to getting on the network during an emergency.
In this case, alternate policies can kick in that speed up NAC, such as admitting devices without scanning them if they have already passed endpoint checks within the past 24 hours. That is a less strict way of making sure that only compliant machines get on the network, but it may be a good short-term tradeoff against the productivity lost when people are locked out.
The company is also introducing a new enforcement mode for its gear that uses RADIUS communications protocols to talk to switches. Until now the devices enforced NAC by controlling standard switches via SNMP and command-line instructions. This enables the Lockdown appliance to enforce policies per port.
Lockdown says leveraging RADIUS protocols means less overhead than using SNMP.
Tim Greene is senior editor at Network World.