Network access control represents the most significant change in the way that networks are secured since the invention of the firewall. But it’s also contentious, confusing and — when done right — complicated.
With the stampede of vendors laying claim to NAC territory, IT managers are now presented with an overwhelming number of architectures and tools designed to help create a strong link between users, end systems and access to network resources.
In an effort to provide some insight into how each may or may not fit into your network, herein is a breakdown of their similarities and differences.
NAC is a broad new buzzword, and security and network vendors all have ideas about how best to give their products and services a place in the NAC universe. The major NAC schemes we examined were Cisco's Network Admission Control, Juniper's Infranet, Microsoft's Network Access Protection and the Trusted Computing Group’s (TCG) Trusted Network Connect.
Before diving into the who's who of NAC, it's important to understand its basic elements (see NAC primer).
There are three fundamental approaches to NAC based on where the access control is being enforced in the enterprise: edge control, core control and client control.
Edge control takes the principle of the firewall and pushes it to the edge of the network, where systems connect. If you are protecting a LAN, the individual switch port becomes the NAC control point. If you are working with a VPN connection, the IPSec concentrator or the SSL VPN device is in charge of enforcing access controls. In a wireless environment, the access point or wireless switch plays the NAC role.
In the core control schema, controls can be enforced anywhere in the network, provided the enforcement point sits deeper than the edge device. You could insert a NAC device inline, or as a passive tap, between edge switches and the core, where it would collect authentication and endpoint-security information, and then enforce the appropriate access control policy.