Skip Links

Network World

  • Social Web 
  • Email 
  • Close
073007-nac-test-banner.html
Clear Choice Test: NAC
NAC alternatives hit the mark | NetResults | Test archive
Inside this test package
13 product summaries
Main story links

Vernier’s EdgeWall offers NAC plus security

By Mandy Andress , Network World , 07/30/2007

Vernier’s EdgeWall

Cost: $45,000 for chassis, support for 1,000 users and one Control Server management appliance.

Score: 3.55

With little network integration required, Vernier provides standard assessment functionality for network-access-control with its EdgeWall product. But it also joins competitor’s ConSentry and ForeScout in the class of NAC products that includes an intrusion-detection system to monitor for malicious traffic flow at all times. Vernier's policy-development process offers an extreme level of flexibility. While that flexibility is necessary for large deployments, it can become overwhelming for the administrator.

In Vernier Networks’ NAC scheme, its EdgeWall appliance provides in-line assessment and enforcement functionality, while policy creation and overall management capabilities are driven by the Control Server, which sits elsewhere on network.

For testing, we deployed an EdgeWall appliance between the access and distribution layer of the test network to provide general LAN-based NAC. For remote access and wireless access, a similar in-line deployment would work, and the company claims support for 802.1X environments as well.

Vernier includes a captive portal for guest users that offers similar functionality to most other products tested. The portal is a standard Web page requesting user authentication and registration information. If an issue is identified on the endpoint, a page displays the assessment results, while a predefined message from the administrator typically provides information about how to clear up the issues at hand.

The management GUI has a clean presentation overall. Policy definition allows for a lot of flexibility but can get complicated to manage quickly. Vernier access policies comprise a series of profiles outlined as identity, connection and integrity profiles.

Say you want employees in the finance group to access only a specific group of servers. To achieve this, you would create an access policy to define what network resources the finance group can have access to. Next, you would create an identity profile for the existing finance Active Directory group that associates a security policy defining the types of assessments must run against the endpoint system.

The next step is to define the connection profile, which defines how to handle network access based on endpoint-assessment status. Profiles include out of compliance, compliance scan in progress and device scanned. For this example, we would use the default “Any” rule, because we are looking just at access for a compliant finance group user. As part of the connection profile setting, you define where the user authenticates. Next, you set up an integrity profile to define what patch compliance, vulnerability assessment and intrusion-prevention protections need to be performed. The last step is to add the entry to the rights table that creates the rule to associate the identity profile, connection profile, integrity profile and access policy with each other to create the full finance group policy.

Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.

Download the white paper.

Unauthorized applications: Taking back control

Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?

Download the white paper.

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library. Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.

Whitepapers

Advancing the Economics of Networking

Aging network systems and old habits have dictated how businesses spend their IT budgets. As a...

Implementing HA at the Enterprise Data Center Edge to Connect to a Large Number of Branch Offices

This paper reviews the problem of creating a network where the dynamic availability of services is...

Enterprise Data Center Network Reference Architecture

Using a High Performance Network Backbone to Meet the Requirements of the Modern Enterprise Data...

Webcasts

PoE Plus: Impact on the PoE Market

The standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...

Harnessing the power of communications to increase workplace performance

Due to the convergence of IT and telecommunications technologies, the business workplace has been...

Stay out of the headlines: Detecting and preventing network intrusions

How do YOU stay out of the headlines? There is no denying that risk exists in our computer-driven...

Special Reports

The Evolution of Network Security

We have so many holes punched in our firewalls today that many industry insiders question the value...

IP address management in 2008 - six things to know

Read this Network World Special Brief to learn how Enterprise IT managers must update their...

The self-managed network

We aren't there yet, but advances in network and systems management tools are making it possible to...