- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
| Clear Choice Test: NAC | |||||||||
|
|||||||||
Our all-in-one test bed for network-access-control products comprised:
· Windows 2003 Active Directory and Juniper Funk Radius servers for authentication purposes;
· Cisco Catalyst 3750 and Extreme Summit switches for LAN access;
· Cisco 3000 series VPN Concentrator and Juniper IVE for remote-access connections;
· A Proxim AP-2000 wireless access point for wireless links;
· Fortinet FortiGate UTM device and a Juniper SSG firewall acting as perimeter firewalls.
Here is a diagram of the test bed (.pdf. file).
We also had in place an Asterisk PBX server for VoIP connections, a Windows Server Update Services to supply automated patches to our machines and a Kiwi syslog server used for alerting testing purposes.
Client systems accessing the network were HP Compaq laptops running Windows XP SP2 with varying patch levels. We also had Sophos AV and ISS Proventia Desktop firewall software running on the clients.
The network was split into multiple virtual LANs for servers, guests, remediation activity, users and VoIP/Printer devices (see network diagram). The 2003 Active Directory server maintained a default schema configuration for user and group structure. Groups and users were defined to replicate a functional organization structure with employees, contractors and developers, for example.
We installed each product in the lab environment after consulting with the vendor on the best approach based on the lab setup. We then proceeded to test each product in that areas of authentication, endpoint assessment, enforcement and management, as outlined above.
< Previous story: A general guide for testing NAC products | Return to main: NAC alternatives hit the mark >
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment