Linux and Mac OS X need NAC support too
Interop Labs test shows lack of endpoint checking support for users running Linux or Mac OS X
Sign up for this newsletter now!
Cloud Security|Cloud computing offers advantages over building and maintaining private data centers including flexibility, reduced maintenance and operations costs and the ability to employ lower powered, lower priced personal computers.
- Share/Email
- Tweet This
- Print
The Interop Labs test of NAC interoperability showed little participation by vendors that support checking endpoints running Linux and Mac OS X.
This is a continuing problem for businesses that want to deploy NAC but have users whose machines are run by these operating
systems. They can make accommodations to whitelist these machines, but that pretty much defeats the purpose of NAC, which
is to assure that endpoints first pass health checks and only then gain network access.
Whitelisting them gets them on the network, but abandons the goal of having all network devices in the proper security state,
the idea being that if they are compliant with the health policy, they are less likely to bring malware onto the network.
If they can’t find a suitable vendor that can support inspection of Mac OS X and Linux machines, they should look to alternatives
that monitor the behavior of all devices and that tosses those that violate behavior policies into quarantine. The example
used at Interop Labs is Great Bay Software’s Beacon Profiler, which can determine that a Mac OS X device, or Linux device
or even and IP phone behaves like these devices ought to behave.
Of course it’s better to have the NAC system perform the endpoint check in the first place rather than trusting that post-connect
monitoring can trigger a timely shutdown of badly behaving machines.
Support of all operating systems used on network endpoints is a feature that potential NAC customers should look for.
Tim Greene is senior editor at Network World.
Comments (3)
Macintosh yes, Linux maybe notBy toddhooper on May 1, 2008, 5:26 pmTim Interesting point re Mac and Linux deployments. We looked hard at this and talked to customers. Yes, there are a lot of Mac's out there, so we developed a...
Reply | Read entire comment
And Linux tooBy Michael Fine on May 1, 2008, 10:14 pmYes, Linux is supported too. Avenda Systems has a Linux NAP agent that checks numerous "health attributes" on Linux systems including firewall status and anti-virus...
Reply | Read entire comment
I always find responses likeBy Anonymous on May 2, 2008, 7:15 pmI always find responses like Todd's bizarre. Do you guys only sell to the US or something?
Reply | Read entire comment
View all comments