Clear Choice Test: NAC

Juniper holds its own for all-in-one NAC with Infranet Controller

By Mandy Andress, Network World, 07/30/2007

Juniper Unified Access Control

Cost: $30,000 for 1,000 users

Score: 4.18

Unified Access Control (UAC) is Juniper’s overall architectural answer to NAC. The company’s Infranet Controller server software lies at the center of the architecture, providing overall management and policy control for access and enforcement standards. Within the Juniper UAC deployment, NAC enforcement can occur through a generic 802.1X-configured network or through integration with Juniper’s security devices (a more complete discussion of Juniper’s 802.1X authentication success is here).

For testing, we used the Infranet Controller server in conjunction with a Juniper Secure Services Gateway (SSG) device to provide the NAC policy enforcement. Although Juniper obviously wants to sell firewalls to provide enforcement, the Infranet Controller can provide enforcement using VLANs when users authenticate with 802.1X switches or wireless controllers.

Management is handled through a Web GUI to the Infranet Controller, which is overall pretty intuitive and easy to navigate. We configured authentication against our Active Directory for testing, which was easy to set up. We just defined the account to use and the base search settings. Juniper also provides extensive support for different authentication platforms, including Lightweight Directory Access Protocol (LDAP), RADIUS, ACE (SecurID) and NIS.

User access is permitted through a combination of the machine’s location, user identification, integrity-assessment results and requested resources. Combined, this information determines what role a user is assigned, how each is authenticated, what security posture a user needs to follow to gain access, and in the end, what resources each is able to tap into.

Within this association, endpoint-security requirements are defined as additional conditions. For example, a user may be required to have an up-to-date antivirus installation running on a system. If this is in place, the user is assigned an employee role and granted full access to employee resources. If it is not in place, users could be assigned to different roles as determined by the administrator, which may allow them to remediate the deficiency in their antivirus software or just provide limited resource access.
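The role assignment described above can be sketched as a small policy function. This is an added example, not Juniper's code or configuration syntax: the role names, locations, resource names and the seven-day signature threshold are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Constructed policy values for illustration; not taken from any product.
ROLE_RESOURCES = {
    "employee": {"intranet", "file-server", "remediation-server"},
    "remediation": {"remediation-server"},
    "guest": {"internet"},
}
EMPLOYEE_LOCATIONS = {"wired-lan", "corp-wlan"}
MAX_SIGNATURE_AGE = timedelta(days=7)  # assumed definition of "up to date"

@dataclass(frozen=True)
class Session:
    user_group: Optional[str]            # None: authentication failed
    location: str                        # where the machine connected
    av_running: Optional[bool]           # None: no integrity report received
    av_signature_date: Optional[date]

def posture_ok(s: Session, today: date) -> bool:
    """Fail closed: a missing or partial integrity report is non-compliant."""
    if s.av_running is not True or s.av_signature_date is None:
        return False
    return today - s.av_signature_date <= MAX_SIGNATURE_AGE

def assign_role(s: Session, today: date) -> Optional[str]:
    """Map identity, location and posture to a role; None means no access."""
    if s.user_group is None:
        return None
    if s.user_group == "employees" and s.location in EMPLOYEE_LOCATIONS:
        return "employee" if posture_ok(s, today) else "remediation"
    return "guest"

def authorize(s: Session, resource: str, today: date) -> bool:
    """Default deny: allow only resources listed for the assigned role."""
    role = assign_role(s, today)
    return role is not None and resource in ROLE_RESOURCES.get(role, set())
```

An endpoint that sends no integrity report lands in the remediation role rather than the employee role, so a disabled or missing agent cannot be used to skip the posture check.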
