InfoExpress

Cost: $40 per user

Score: 3.15

InfoExpress approaches network-access control with a product that requires zero network-infrastructure changes. With the InfoExpress Dynamic NAC for Windows product, policies are controlled from a central policy management server, but enforcement is handled by distributed agents residing on trusted systems, called Enforcers.

These agents are not special systems, but rather could be any trusted device running the InfoExpress DNAC agent. For example, on a network segment of trusted corporate laptops, several of those devices will be acting as enforcers to help manage unauthorized traffic coming from new, unauthorized users or authorized users that happen to be out of compliance with policy.

Think peer-to-peer NAC where a militia of Enforcers work collectively to protect your LAN.

Together, these distributed Enforcers watch network traffic (the company doesn’t disclose its secrete sauce, but our educated guess is that they are looking for address-resolution-protocol requests and broadcasts). With this reconnaissance, the Enforcers identify systems without the appropriate agent in place and respond to directions from the central management server about how to treat endpoints after compliance assessments have been performed. The Enforcers then handle the quarantine measures for noncompliant machines by blocking the endpoint’s network access except for traffic allowed by policy.

Enforcers also can handle guests and other unmanaged devices by redirecting them to a captive portal where they can pick up compliant agent software.

This product has the potential to scale efficiently, because the more systems you add to the network, more Enforcers you can designate.

In addition to the agent software, DNAC has three other major components. The Policy Server communicates with all agents – both those serving as Enforcers and those not serving in that capacity – to see whether they are in compliance. The Policy Manager is a separate application used just for policy development. The Reporting Server collects information from the Policy Server for reporting purposes, which is easily accessible from a separate Web interface.

For testing, we installed the server components on a central Windows 2003 server and installed agents on our several of our Windows' systems.