- 4chan hell raisers finding fame brings heat?
- The 10 dumbest mistakes network managers make
- NetApp quits bidding war in face of EMC opposition
- CompuServe closes after 30 years
- Google to launch open-source Chrome OS this year
Start-ups ConSentry Networks and Nevis Networks have stepped into the network access control ring with in-line enforcement products that promise high levels of security with minimal impact on existing network infrastructures.
In this Clear Choice Test we found that ConSentry's LANShield CS2400 Controller coupled with its InSight Command Center management system comes closer to that mark with an enterprise-ready package that has only a few rough edges. Nevis' LANenforcer 2024 appliance coupled with its LANsight Security Manager trails in comparison because of overall design issues and more than its fair share of bugs.
Performance tests for ConSentry, Nevis
How we tested NAC products
Archive of Network World tests
Subscribe to the Network Product Test Results newsletter
At the core of LANShield and LANenforcer are very high-speed, high port-density, stateful firewall devices and intrusion-prevention systems (IPS). Both claim a maximum of 10Gbps throughput and a capacity of 1,000 users. They have many potential uses, such as traditional firewalls in a data center or as rate-limiting IPSs, but the buzz around NAC in the last 12 months has been deafening, and both products are being positioned -- at least this week -- as NAC solutions.
|
|
||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
The use case goes like this: Enterprises want to implement NAC, but they want to minimize changes and upgrades to their installed LAN switching infrastructure. The LANShield and LANenforcer boxes we tested have 10 and 12 pairs, respectively, of Gigabit Ethernet ports. Install either device next to your core switch. For each uplink from a wiring closet, use a port pair to run the traffic through the device before passing it to the core switch. This gives you a control point -- both companies call their devices controllers rather than security switches -- to authenticate users, apply highly detailed per-user stateful firewall controls, and use as an internal IPS.
We looked at these products as NAC devices and focused on four areas critical for any NAC deployment: authentication and authorization, endpoint-security posture assessment, traffic enforcement, and system management (see "How we tested NAC products"). We are assessing the performance of these products in a separate test and will post those results when they are available.
Comments (1)
ConSentry edges out Nevis in in-line NAC appliance testBy Anonymous on December 18, 2006, 7:53 amThe breakdown totals 110%. Wow.
Reply | Read entire comment
View all comments