Skip Links

Network World

  • Social Web 
  • Email 
  • Close
073007-nac-test-banner.html
Clear Choice Test: NAC
NAC alternatives hit the mark | NetResults | Test archive
Inside this test package
13 product summaries
Main story links

InfoExpress attempts a sort of peer-to-peer NAC enforcement

By Mandy Andress , Network World , 07/30/2007

InfoExpress

Cost: $40 per user

Score: 3.15

InfoExpress approaches network-access control with a product that requires zero network-infrastructure changes. With the InfoExpress Dynamic NAC for Windows product, policies are controlled from a central policy management server, but enforcement is handled by distributed agents residing on trusted systems, called Enforcers.

These agents are not special systems, but rather could be any trusted device running the InfoExpress DNAC agent. For example, on a network segment of trusted corporate laptops, several of those devices will be acting as enforcers to help manage unauthorized traffic coming from new, unauthorized users or authorized users that happen to be out of compliance with policy.

Think peer-to-peer NAC where a militia of Enforcers work collectively to protect your LAN.

Together, these distributed Enforcers watch network traffic (the company doesn’t disclose its secrete sauce, but our educated guess is that they are looking for address-resolution-protocol requests and broadcasts). With this reconnaissance, the Enforcers identify systems without the appropriate agent in place and respond to directions from the central management server about how to treat endpoints after compliance assessments have been performed. The Enforcers then handle the quarantine measures for noncompliant machines by blocking the endpoint’s network access except for traffic allowed by policy.

Enforcers also can handle guests and other unmanaged devices by redirecting them to a captive portal where they can pick up compliant agent software.

This product has the potential to scale efficiently, because the more systems you add to the network, more Enforcers you can designate.

In addition to the agent software, DNAC has three other major components. The Policy Server communicates with all agents – both those serving as Enforcers and those not serving in that capacity – to see whether they are in compliance. The Policy Manager is a separate application used just for policy development. The Reporting Server collects information from the Policy Server for reporting purposes, which is easily accessible from a separate Web interface.

For testing, we installed the server components on a central Windows 2003 server and installed agents on our several of our Windows' systems.

Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.

Download the white paper.

Unauthorized applications: Taking back control

Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?

Download the white paper.

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library. Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.