- Mythbuster busts his own tale
- 10 open source companies to watch
- Sony recalls 73,000 Vaio laptops
- Tool to evade China's Web censorship
- Chrome and Firefox and add-ons
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Senior Editor Tim Greene clarifies issues surrounding the evolving NAC security architecture.
Now that Microsoft has launched Windows Server 2008, customers have all the elements to use Microsoft's version of NAC known as network access protection (NAP). Or do they?
NAP provides client software that forwards health-check data to the NAC server to make enforcement decisions and can trigger enforcement actions in network devices.
To these rudiments many customers will either want to add more comprehensive analysis or to take advantage of existing network hardware and software that provide other value.
For instance, a security client that tracks the status of PCs could provide valuable, granular information about endpoints beyond what the Microsoft client can gather on its own. Similarly, NAP compliant network devices could act as enforcement points for NAP policies if they are interoperable with the Microsoft server.
To point out this value to their customers, some networking and security vendors chimed in at Microsoft’s Server 2008 event to announce their compatibility with the platform.
Foundry says its switches can act as enforcement points for NAP admission policies. NAP clients on Windows computers send health checks, they are evaluated by the Microsoft Network Policy Server in Server 2008 and based on the results, instruct the switches on setting access restrictions.
McAfee has plans to support NAP starting in March when it releases a new version of its NAC software. That platform performs health checks on endpoints trying to join networks. Integrated with NAP, the Microsoft NAP agent on the same endpoints can tap the health-check results and report them to the policy server for evaluation.
Symantec has announced similar compatibility between its system health agent that supplies a granular assessment of endpoint security and the NAP agent that will be available in April. It supports a range of enforcement options from client, to DHCP to 802.1x.
Avenda is introducing a NAP client for Linux endpoints that is compatible with Windows Server 2008 NAP features. So a business that moves to the new Microsoft server can have its Linux endpoints checked within a NAP framework.
Avenda is also introducing its Universal System Health Agent, software that grabs pertinent endpoint-posture data and can pass it off to a NAP client, providing a more comprehensive view into the endpoint.
Customers considering NAP should investigate whether their existing infrastructure can increase the strength of the Microsoft platform.
Tim Greene is senior editor at Network World.
Rss FeedRss Feed
Gartner summarizes its view on Application Delivery Controllers, evaluates strengths and weaknesses...
Vulnerability Management For DummiesDownload this concise book "Vulnerability Management for Dummies," to learn about the simple steps...
The ROI and TCO Benefits of Data Deduplication for Data Protection in the EnterpriseThis paper examines and quantifies the costs and benefits of backup with deduplication storage as...
Life on the edge of your WAN has changed dramatically. With the need to deliver advanced services,...
PoE Plus: Impact on the PoE MarketThe standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Harnessing the power of communications to increase workplace performanceDue to the convergence of IT and telecommunications technologies, the business workplace has been...
We have so many holes punched in our firewalls today that many industry insiders question the value...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment