Network World
Wednesday, November 25, 2009
DNSstuff.com
Get information about your IP
IP Information
50+ On-demand DNS and network tools
073007-nac-test-banner.html
Clear Choice Test: NAC
NAC alternatives hit the mark | NetResults | Test archive
Inside this test package
13 product summaries
Main story links

Cisco NAC Appliance hits on basic enforcement, but lags in advanced features

Cisco Systems

Score: 3.03

Porn plus Facebook can lead to embarrassment, perhaps worse
11/25/09
The mechanism behind a click-jacking attack that was spread by luring in Facebook users with a link to a porn site has the potential to do more damage than just embarrassing those who fall for it.

The evolving branch office
11/25/09
In a recent newsletter we introduced the concept of Application Delivery 2.0. One of the steps that IT organizations are taking in order to support the requirements of application delivery 2.0 is to implement a next generation branch office. As the next three newsletters will demonstrate, the next generation branch office represents a multi-year movement away from branch offices that are IT-heavy to ones that are IT-lite.

SANS official talks security
11/25/09
This is the second of two parts of an interview of Stephen Northcutt by technologist David Greer.

Cost: Pricing starts at $18,000 for Clean Access Server and Clean Access Manager.

Cisco’s NAC Appliance 4.1 (formerly called Cisco Clean Access) provides basic network-access-control functionality, such as antivirus and patch-status checks, but remains behind many of the other vendors in this space because of the inability to perform assessment checks beyond initial connection.

We reviewed CCA 3.4 in 2005 and beyond increased coverage for the antivirus market and new support for Windows Update services, we can’t point to any significant enhancements in the endpoint assessment or reporting areas between the two versions. Cisco’s biggest changes occurred in the authorization/authentication arena with the addition of single sign-on with Active Directory and integration with its Cisco VPN Concentrator product. From an enforcement perspective, Cisco now includes the ability to launch a remediation program if an endpoint fails its integrity check. None of these additions are particularly innovative, but rather are features that exist across the set of products tested.

The product has two main components and agent software. The Clean Access Manager provides centralized management features, while the Clean Access Server (CAS) provides the distributed enforcement capabilities. You can have multiple CASs deployed across your network, all managed through the single platform, which is a fairly typical scalability standard across the field of NAC products tested.

For testing, we placed the appliance running CAS in-line between the access and distribution layers of the network, which is typical of the in-line products tested.

Many other LAN-deployment options are available, such as placing it in an 802.1X-based network (see how that works in the NAC architecture test) or running it out-of-band, where it controls an access switch. Cisco NAC Appliance can also tap into Cisco’s VPN Concentrator to provide posture assessments and enforcement for remote-access users, which provides single sign-on for users. We verified this integration with IPSec only. Cisco also claims SSL VPN integration.

Review: Cisco NAC lags competitors in advanced features By Cisconet on July 30, 2007, 2:26 pm Reply | Read entire comment Network-access control is a buzzword of epic proportion. And as is the case with much of larger-than-life industry vernacular, products with even the slightest aspect...

CIsco NAC: Did Cisco get a fair shake at the test? By Cisconet on August 22, 2007, 1:25 pm Reply | Read entire comment The man who wrote the book about Cisco NAC doesn't think so. Read what Jamey Heary, author of Cisco NAC Appliance, and Cisco Subnet blogger had to say about the...

All comments (2)

Note: Register to have your user name appear; otherwise your comment will show up as "Anonymous."

*Anonymous comments will only appear once they are approved by the moderator.

Copyright 2008 Network World Inc.