What can NAC do for you now?
Test of 30 products shows benefits, limitations of existing Cisco- and standards-based NAC schemes
By
Joel Snyder
,
Network World
, 04/19/2007
- Share/Email
- Tweet This
- Print
With a virtual lock on the Ethernet switching market, any enterprise IT manager has to consider Cisco’s product line as at least one network-access control option.
But how does a Cisco-controlled NAC deployment hold up against the more industry standards-based one offered up by the Trusted Network Connect (TNC) working group of the Trusted Computing Group (TCG) and backed by Cisco competitor Juniper Networks?
We conducted the industry’s largest public test of available NAC products, and found that for very simple NAC tricks, either
architecture will do. In both cases, once you step out of the world of Windows clients, IT personnel will be pushing the bleeding
edge of security technology, and need to be prepared for a longer-than-normal testing and deployment schedule.
However, for more complex NAC deployments where you’ve got to incorporate policies for guest users and agentless devices like
PDAs and printers, the combination of Cisco’s range of NAC-ready infrastructure gear and its marketing muscle that has corralled
more vendors to play its version of the NAC game, serves up a more mature, fleshed out ecosystem for implementing advanced
NAC configurations than the thinner rendition available from TCG/TNC partners.
Snyder is a senior partner at Opus One, a consulting firm in Tucson, Ariz. He can be reached at Joel.Snyder@opus1.com.

Snyder is also a member of the Network World Lab Alliance, a cooperative of the premier reviewers in the network industry
each bringing to bear years of practical experience on every review. For more Lab Alliance information, including what it
takes to become a member, go to www.networkworld.com/alliance.
See other stories in this package:
NAC authentication with XP clients is a snap
NAC enforcement tools fall short
Cisco, TCG deliver on basic end point security
NAC management can be a headache
Comment