- 10 ways the Chinese Internet is different
- Hacker writes rootkit for Cisco's routers
- Verizon snares $678 million federal network deal
- Cisco loses $2 million order to Nortel
- HP buys EDS for $13.9 billion
Learn how network-wide routing and CoS traffic visibility can help ensure your CoS traffic and converged IP service delivery
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
Discover the benefits of paravirtualization in this informative webcast today. This server virtualization-themed webcast not only explores how to improve virtualized server performance, but provides real-world user examples, explains how to optimize workloads and discusses the future of server virtualization. Focus on only the themes that interest you or watch all six consecutively for a full picture of how you can lower your costs significantly through consolidation and virtualization. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
| Clear Choice Test: NAC | |||||||||
|
|||||||||
Cost: Starts at $13,995
Score: 4.38
The ForeScout CounterACT appliance monitors trunk and span ports on the switch to which its attached, sniffing network traffic to understand the status of devices and ensuring they adhere to the required security policies. For example, employees that are authenticated against an Active Directory domain can adhere to one set of policies while guest users, not being a member of the corporate Active Directory domain, must adhere to a different policy.
CounterACT uses Nmap to identify the role any device on the network and dynamically assign it to a device group for access purposes. For example, a printer is identified and placed in the printers group. This process cuts down on administration overhead, as new devices do not need to be explicitly excluded as they do in some other deployments of network-access control.
In addition to the standard clients and server used as part of the test bed, CounterAct also identified the VoIP phone, TiVo, and PDA on the network. Overall, using Nmap, a staple tool in any security professional’s arsenal, makes the management of all the embedded devices the easiest of all products tested.
For testing, we configured the CounterACT appliance on the network core Cisco 3750. That let us to control all aspects of our network from one switch and gave the appliance a view of all network traffic. Scalability is an obvious concern here, in that all network traffic passes through this single box. Testing scalability was beyond the scope of this review, so we don’t have a definitive answer on that point. We can say that ForeScout provides multiple appliances to meet varying scalability requirements, with the high end supporting 2,500 devices and 1GB throughput.
To support remote-access connections, ForeScout provides plug-ins for the CounterAct appliance that provide its NAC functions for popular VPN products. The plug-in for the Cisco VPN Concentrator used in our testing supports full endpoint assessment and enforcement functionality.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
