- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
 |
|---|
The way network access control is on everybody’s lips these days, you might think you have to do something about it right now — but you don’t.
There’s good reason for all the talk about NAC, which promises a combination of user ID, machine ID, machine configuration and access method determining whether a device should gain network access, and if so, how many resources it can access. If the device fails, it is brought automatically into compliance.
NAC technology also keeps track of key configuration metrics, if they change, the device submits to another admission scan. So if NAC detects that the personal firewall on a machine is suddenly turned off, the machine has to be rescanned and kept off the network until the firewall is turned back on. NAC can even turn it back on.
NAC’s potential makes it worth talking about. Another thing that makes it worth talking about is that so far, some of the best things about NAC are just that — talk. Most notable is Microsoft’s version of NAC called Network Access Protection, supported by Vista but waiting for an update to Systems Management Server. Cisco is working on its NAC client that won’t require adding extra appliances to the network.
Even though it’s not fully cooked yet, NAC can deliver benefits and must be tracked by IT executives looking to improve network security and to prove that it works. The practical applications must be targeted at specific needs, however.
For instance, Continental Airlines uses gear from ConSentry to check whether computers logging into its network adhere to corporate configuration policies. What is more important, the devices look for evidence of machines executing malicious code and block just the malicious traffic, says CISO Andre Gold.
Manned space flight business Astrium North America in Houston uses Lockdown Networks’ NAC appliances to scan machines before they access the network and limit what they do when they are on the network. This keeps classified data protected and generates reports that prove the company meets its confidentiality obligations, says George Owoc, Astrium’s director of business administration.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment