- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Start-ups ConSentry Networks and Nevis Networks have stepped into the network access control ring with in-line enforcement products that promise high levels of security with minimal impact on existing network infrastructures.
In this Clear Choice Test we found that ConSentry's LANShield CS2400 Controller coupled with its InSight Command Center management system comes closer to that mark with an enterprise-ready package that has only a few rough edges. Nevis' LANenforcer 2024 appliance coupled with its LANsight Security Manager trails in comparison because of overall design issues and more than its fair share of bugs.
Performance tests for ConSentry, Nevis
How we tested NAC products
Archive of Network World tests
Subscribe to the Network Product Test Results newsletter
At the core of LANShield and LANenforcer are very high-speed, high port-density, stateful firewall devices and intrusion-prevention systems (IPS). Both claim a maximum of 10Gbps throughput and a capacity of 1,000 users. They have many potential uses, such as traditional firewalls in a data center or as rate-limiting IPSs, but the buzz around NAC in the last 12 months has been deafening, and both products are being positioned -- at least this week -- as NAC solutions.
|
|
||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
The use case goes like this: Enterprises want to implement NAC, but they want to minimize changes and upgrades to their installed LAN switching infrastructure. The LANShield and LANenforcer boxes we tested have 10 and 12 pairs, respectively, of Gigabit Ethernet ports. Install either device next to your core switch. For each uplink from a wiring closet, use a port pair to run the traffic through the device before passing it to the core switch. This gives you a control point -- both companies call their devices controllers rather than security switches -- to authenticate users, apply highly detailed per-user stateful firewall controls, and use as an internal IPS.
We looked at these products as NAC devices and focused on four areas critical for any NAC deployment: authentication and authorization, endpoint-security posture assessment, traffic enforcement, and system management (see "How we tested NAC products"). We are assessing the performance of these products in a separate test and will post those results when they are available.
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (1)
ConSentry edges out Nevis in in-line NAC appliance testBy Anonymous on December 18, 2006, 7:53 amThe breakdown totals 110%. Wow.
Reply | Read entire comment
View all comments