- 10 open source companies to watch
- Mythbuster busts his own tale
- $208 million petascale computer gets green light
- Sony recalls 73,000 Vaio laptops
- Chrome and Firefox and add-ons
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
| Clear Choice Test: NAC | |||||||||
|
|||||||||
Cost: $20,370 for 1,000 users.
Score: 3.03
McAfee network-access control has a strong foundation in the breadth of security checks it can render, and it’s got strong ties to McAfee’s mature endpoint-security management platform, but it lacks some standard NAC capabilities, such as a captive portal for guest users, the ability to authenticate users against external repositories and the option of creating custom endpoint checks.
The product comprises a central server, a software agent called McAfee Policy Enforcer Agent and management hooks into McAfee’s ePolicy Orchestrator (ePO), which also is used to manage pretty much all of McAfee’s antivirus, antispam and host intrusion-prevention tools.
McAfee primarily provides self-enforcement for network access based on the posture of device in question. The Policy Enforcer Agent residing on the client machine routinely conducts policy checks (with no noticeable performance impact in our testing), and if it finds a problem, the agent on the device limits network connectivity as opposed to having a piece of the network infrastructure handle enforcement. Check Point also offers this level of self-enforcement.
You also can integrate McAfee NAC with leading VPN providers, such as Check Point and Juniper, to either allow or drop connections based on McAfee-driven system assessments or use SNMP to control your network switch in order to force virtual-LAN changes.
The company asserts that future releases will provide further enforcement support through the McAfee IntruShield network IPS product, as well as 802.1X and DHCP ties.
For testing, we deployed McAfee NAC and ePO on a Windows 2003 server and used both the agent-based endpoint assessment and self-enforcement efforts as well as switch integration for network-based enforcement activities.
The McAfee NAC product does not support direct integration for external authentication, but instead relies on the authentication information on the endpoint accessed by the agent software. In McAfee’s scheme, policies are assigned based solely on the posture of device and not in any way on the user who might driving the device. Device-based access works well when you have a diverse population of users with the same endpoint-security requirements. Alternatively, user-based access works best when you have specific security requirements for a user’s role where they could be using different endpoint systems to access the network.
Rss FeedRss Feed
Gartner summarizes its view on Application Delivery Controllers, evaluates strengths and weaknesses...
Vulnerability Management For DummiesDownload this concise book "Vulnerability Management for Dummies," to learn about the simple steps...
The ROI and TCO Benefits of Data Deduplication for Data Protection in the EnterpriseThis paper examines and quantifies the costs and benefits of backup with deduplication storage as...
Life on the edge of your WAN has changed dramatically. With the need to deliver advanced services,...
PoE Plus: Impact on the PoE MarketThe standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Harnessing the power of communications to increase workplace performanceDue to the convergence of IT and telecommunications technologies, the business workplace has been...
We have so many holes punched in our firewalls today that many industry insiders question the value...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment