- Get a grip or you don't get the job
- Desktops of the future here today
- Researcher hides IE attack on Web
- Cisco third quarter 2008 channel stuffing
- Sci-Fi's goofiest gadgets and technology
Rss FeedRss Feed
Migrating to a new messaging system is a tedious, complex and risky process. And since this isn’t something you do everyday, you need to know "best practices" to ensure a successful migration.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
Watch this webcast to learn in six modules how to more cost effectively consolidate your Windows servers with virtualization. This unique program allows you to pick and choose which of the six modules you would like to view or watch the entire webcast at once. Topics covered: Performance, Use Cases, Enterprise-level Support, Managing Windows Workloads, Setup and Configuration and The Future. Find out how you can simplify server consolidation within your organization today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
| Clear Choice Test: NAC | |||||||||
|
|||||||||
Cost: $30,000 for 1,000 users
Score: 4.18
Unified Access Control (UAC) is Juniper’s overall architectural answer to NAC. The company’s Infranet Controller server software lies at the center of the architecture, providing overall management and policy control for access and enforcement standards. Within the Juniper UAC deployment, NAC enforcement can occur through a generic 802.1X-configured network or through integration with Juniper’s security devices (a more complete discussion of Juniper’s 802.1X authentication success is here).
For testing, we used the Infranet Controller server in conjunction with a Juniper Secure Services Gateway (SSG) device to provide the NAC policy enforcement. Although Juniper obviously wants to sell firewalls to provide enforcement, the Infranet Controller can provide enforcement using VLANs when users authenticate with 802.1X switches or wireless controllers.
Management is handled through a Web GUI to the Infranet Controller, which is overall pretty intuitive and easy to navigate. We configured authentication against our Active Directory for testing, which was easy to set up. We just defined the account to use and the base search settings. Juniper also provides extensive support for different authentication platforms, including Lightweight Directory Authentication Protocol, RADIUS, ACE (SecurID) and NIS.
User access is permitted through a combination of the machine’s location, user identification, integrity-assessment results and requested resources. Combined, this information determines what role a user is assigned, how each is authenticated, what security posture a user needs to follow to gain access, and in the end, what resources each is able to tap into.
Within this association, endpoint-security requirements are defined to provide additional requirements. For example, a user may be required to have an up-to-date antivirus installation running on a system. If this is in place, a user is assigned an employee role and granted full access to employee resources. If this is not in place, users could be assigned to different roles as determined by the administrator, and that may allow them to remediate the deficiency in their antivirus software or just provide limited resource access.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
