Clear Choice Test: NAC
Cost: $32,185 for 1,000 users
Score: 3.55
Bradford Networks' NAC Director is a contained, appliance-based product that takes a slightly different approach to network-access control than the majority of products tested. NAC Director provides port-based NAC functionality that does not require upgrading your entire network infrastructure to support 802.1X.
The NAC Director connects to a network-access switch (list of supported switches can be found here), monitors connection activity and takes control when necessary for enforcement measures. NAC Director also can function in a standard 802.1X environment, so a company can start with a switch-controlled NAC deployment and then migrate to 802.1X once its infrastructure has been upgraded.
LockDown Networks’ Enforcer is the only other product that functions by directly controlling the switch in this fashion. Others either rely on self-enforcing agent software or place an in-line device on the network that changes virtual-LAN tags on the fly or applies firewall rules to block traffic.
Using an SNMP connection, or logging in directly through the switch’s command-line interface, the NAC Director monitors new connections and state changes (such as link up or link down), assigns specific connections to VLANs and blocks access when necessary. All of these actions are carried out in accordance with how users’ roles and NAC policies are defined within NAC Director.
In testing, we received the expected network connections and access rejections at all times. That said, we did not run a large load of network traffic behind our NAC connections to test the device’s capabilities through the noise, so to speak. The bigger concern with this approach may be convincing network engineers to let a third-party product make direct configuration changes to gear under their purview.
Both monitoring and enforcement duties can be enabled on a per-switch-port basis, so administrators can choose which ports on the switch are enabled for NAC connections and which ones are not. We configured several ports on our Cisco 3750 switch to enforce NAC policy and left the remaining ports unenforced. NAC Director worked as expected, “ignoring” the unenforced ports, but properly identifying and enforcing any noncompliant systems -- such as a system not running our approved antivirus client -- connected to an enforced port.
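The switch-controlled enforcement and per-port enablement described above can be modeled as a small decision loop over link events. This is an added example, not Bradford Networks' code; the port names, VLAN IDs, roles, the remediation VLAN and every function name are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed values for illustration: port names, VLAN IDs and roles are assumptions.
ENFORCED_PORTS = {"Gi1/0/1", "Gi1/0/2"}      # ports with NAC enforcement enabled
ROLE_VLANS = {"staff": 10, "guest": 20}      # role -> production VLAN
REMEDIATION_VLAN = 999                       # assumed VLAN for noncompliant hosts

@dataclass
class Host:
    role: Optional[str]      # None means the device is not registered
    antivirus_ok: bool       # posture check: approved antivirus client running

def decide(port: str, host: Optional[Host]):
    """Map one new connection to (action, vlan) under the policy."""
    if port not in ENFORCED_PORTS:
        return ("ignore", None)              # unenforced port: leave it alone
    if host is None or host.role not in ROLE_VLANS:
        return ("block", None)               # unknown device or role
    if not host.antivirus_ok:
        return ("assign_vlan", REMEDIATION_VLAN)
    return ("assign_vlan", ROLE_VLANS[host.role])

def replay(events, inventory):
    """Replay link events; return final port state and the list of switch changes."""
    state, changes = {}, []
    for ev in events:
        port = ev["port"]
        if ev["type"] == "linkDown":
            # Forget the old decision so the next device is evaluated from scratch.
            if state.pop(port, None) is not None:
                changes.append((port, "reset", None))
            continue
        action, vlan = decide(port, inventory.get(ev.get("mac")))
        if action != "ignore" and state.get(port) != (action, vlan):
            state[port] = (action, vlan)
            changes.append((port, action, vlan))
    return state, changes

# Constructed sample: MAC -> host record, then a sequence of link events.
INVENTORY = {"aa:aa": Host("staff", True), "bb:bb": Host("staff", False)}
EVENTS = [
    {"type": "linkUp", "port": "Gi1/0/1", "mac": "aa:aa"},    # compliant staff
    {"type": "linkUp", "port": "Gi1/0/2", "mac": "bb:bb"},    # no antivirus
    {"type": "linkUp", "port": "Gi1/0/9", "mac": "bb:bb"},    # unenforced port
    {"type": "linkDown", "port": "Gi1/0/1"},
    {"type": "linkUp", "port": "Gi1/0/1", "mac": "cc:cc"},    # unregistered
]
```

The `changes` list is the part a network team would review: it records every modification the controller would push to the switch, in order, which speaks to the concern about a third-party product reconfiguring gear under their purview.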