| Clear Choice Test: NAC | |||||||||
|
|||||||||
Cost: Pricing starts at $20 per IP address
Score: 3.83
StillSecure Safe Access is an appliance that can be deployed in three scenarios – as part of an 802.1X authentication scheme, sitting in-line or working in conjunction with DHCP server. In the last scenario, which is sometimes the only option for an organization based on infrastructure limitations, is when SafeAccess performs an endpoint assessment before the DHCP server gives the endpoint an IP address and provides network access. The drawback with DHCP is that a static IP addresses can bypass the endpoint-assessment process.
For testing, we deployed Safe Access in-line between the access and distribution layer of our test network.
Guest access is handled by StillSecure using a captive Web portal. When the guest users try to gain network access through the portal, an Active X agent is pushed out to the unknown machine to perform the system assessment. Managed systems can have a persistent agent installed on the system or be assessed agentlessly (remotely) using administrator credentials provided to the Safe Access system.
User authentication can occur against a Lightweight Directory Access Protocol store or relational-database management system. For testing, we configured Safe Access to integrate with our LDAP-based Active Directory server, which worked fine, requiring only that we enter the username/password to access the directory and the base distinguished name search for our directory.
StillSecure’s authorization is based on groups defined by physical items, such as IP address or domain name. In this process you define which endpoint-assessment policies are run against which devices. You use the general-management GUI to create an access policy and then map the endpoint checks to be performed against a device group. With StillSecure, there is no means to set up authorization based on users’ roles as there are in most other products tested.
Device-based access works well when you have a diverse population of users with the same endpoint-security requirements. User-based access works best when you have specific security requirements for a user’s role, and they could be using different endpoint systems.
The information collected about any machine coming onto the network is just username as well as MAC and IP addresses, which is an average amount of data collected by the devices tested.
For endpoint assessment, StillSecure supports the top-tier antivirus providers as well as second-tier ones, including Avast, Panda and ClamWin. On its natively supported list of personal firewalls are ISS, Tiny Personal Firewall and ZoneAlarm. It can also check for critical patches for the Windows operating system and key applications, such as Microsoft Office.
Full vulnerability assessment is not supported, but a few checks for critical malicious or unwanted software, such as Blaster and BitTorrent, are available. The agent checked all and functioned as expected in our tests. It had only the smallest impact on the client system, with client CPU use never increasing more than 5%.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment