Interim NAC strategy

Clarifying issues surrounding this emerging security architecture

NAC would prove useful enough to one potential user of the technology that he is considering buying an interim NAC product for use over the next three years with the long-term intention of shifting to Microsoft's NAC flavor, network access protection (NAP). (Compare NAC products)

An important feature the product chosen must have is that it be clientless because with desktop management software and antivirus software and VPN software already on corporate machines, he just doesn’t want one more client to deal with.

For that he already thinks that he will use Microsoft’s NAC client that comes as part of XP Service Pack 3 and Vista client software.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

NAC would prove useful enough to one potential user of the technology that he is considering buying an interim NAC product for use over the next three years with the long-term intention of shifting to Microsoft's NAC flavor, network access protection (NAP). (Compare NAC products)

An important feature the product chosen must have is that it be clientless because with desktop management software and antivirus software and VPN software already on corporate machines, he just doesn’t want one more client to deal with.

For that he already thinks that he will use Microsoft’s NAC client that comes as part of XP Service Pack 3 and Vista client software.

Meanwhile, the company has about 1,500 employees with more than 100 consultants that need network access at any given time, and he would like to know whether they have had their antivirus software (Compare antivirus products) updated recently. He realizes that doesn’t ensure the machines are clean, but it reduces the likelihood that they are infected.

That level of risk mitigation is valuable enough that he is willing to spend $60,000 for an interim NAC solution until he feels NAP will be fully featured enough in three years. Then he will switch over to NAP.

The product chosen must also require no alterations to existing network infrastructure such as switches and firewalls in order to enforce NAC policies. He doesn’t want to have to re-work virtual LANs.

The big problem he faces is convincing the people who control budgets at his business that NAC will have a return on investment. He says that he is relying on the argument that the cost of cleaning up viruses that manage to sneak onto the network via un-scanned machines would outweigh the investment in NAC.

Read more about security in Network World's Security section.

Tim Greene is senior editor at Network World.