Clear Choice Test: NAC
Cost: $37,000 for a 1000-user license
Score: 3.7
Check Point Integrity NGX brings to fruition the integration of the endpoint-security technology purchased with Check Point's ZoneLabs acquisition and Check Point’s signature firewall-product line.
You have two enforcement options with this product. In both cases, the Integrity client conducts all of your endpoint assessment. From there, you can have the Integrity client itself do the NAC enforcement, for example by putting in desktop firewall rules to block network access.
This is not ideal, however, because you likely don’t want all your security blocking capabilities sitting out on an endpoint that could be compromised. To that end, Check Point offers what it calls “cooperative enforcement” (all other vendors just refer to this process as plain, old enforcement). Check Point's scheme means that the Integrity client software can combine with network-access devices, such as an enterprise firewall, a remote-access VPN concentrator or an 802.1X-supported switch to block physical network access if the endpoint is not in compliance.
For testing, we opted for cooperative enforcement and installed Integrity on a Windows 2003 server and integrated it with a Check Point NG firewall for LAN access. We also tested Integrity’s integration with Cisco’s IPSec VPN connections for remote-access ties. You can tell from the relatively clean management interface that Check Point is pushing to manage all these necessary NAC pieces in an integrated fashion, but the company is not fully there yet. All of the Juniper NAC pieces work together more completely to provide more NAC functionality as well as granularity for setting and maintaining policies.
For guest access, Check Point doesn’t have a captive-portal option, which is pretty standard across competing products. Company representatives explained that you could implement some restrictive rules on the Check Point NG firewall for guest endpoints or direct them to a Web page with a custom message from the security administrator telling them how to ready their machines for better access. But this is far from seamless access for guests.
Integrity uses two types of agents. Standard agents provide a universally defined policy option set by IT that can be completely hidden from the user, with all control maintained by the Integrity administrator. Flex agents provide an interface to users letting them create their own personal security policies in addition to the corporate policies.