IETF pushes for interoperable NAC

* NAC is a strong candidate for standardization

Network access control has come to refer to technology that enables enterprises to enforce security policies on endpoints connected to their networks. An enterprise security policy, for example, might require endpoints to have up-to-date security patches and antivirus tools, or prevent the use of applications such as peer-to-peer file sharing or instant messaging.

NAC endpoint security policies can be verified only by scanning the endpoint for compliance from the inside. This process involves taking measurements on the endpoint, such as file versions or checksums, and comparing them against reference values. But to keep up with antivirus vendors updating their signatures, or operating system vendors issuing new security patches, the database of reference values can change almost daily. Clearly, a certain amount of infrastructure is needed to support all of these NAC moving parts.

Multiple vendors offer what appear to be comparable NAC solutions, but none are interoperable. This makes NAC a strong candidate for standardization. Last fall, the IETF chartered the Network Endpoint Assessment (NEA) Working Group to standardize the protocols common to a number of NAC infrastructure architectures, such as Network Access Protection from Microsoft, Cisco Network Admission Control and Trusted Network Connect from the Trusted Computing Group, with the goal of promoting interoperability.

Initially, the priority would be standardizing the protocols that carry information about the status of various endpoint attributes - what the NEA calls "posture attributes" - between "collectors" on clients and the "validators" that run on policy servers.
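A minimal sketch of the measure-and-compare check described above, with a collector reporting posture attributes and a validator checking them against reference values. This is an added example, not code from the article or from the NEA Working Group; the JSON message layout, function names and sample data are assumptions and do not represent the NEA wire format.

```python
import hashlib
import json

def collect_posture(files, versions):
    """Collector: measure the endpoint and serialize its posture attributes.
    files: {name: file bytes}; versions: {name: version tuple}."""
    attrs = {name: {"type": "sha256", "value": hashlib.sha256(data).hexdigest()}
             for name, data in files.items()}
    for name, ver in versions.items():
        attrs[name] = {"type": "version", "value": list(ver)}
    return json.dumps({"posture_attributes": attrs}, sort_keys=True)

def validate_posture(message, reference):
    """Validator: compare reported attributes with the reference values.
    Returns (compliant, failures). Anything missing or malformed fails closed."""
    try:
        reported = json.loads(message)["posture_attributes"]
    except (ValueError, KeyError, TypeError):
        reported = None
    if not isinstance(reported, dict):
        return False, ["malformed posture message"]
    failures = []
    for name, rule in sorted(reference.items()):
        attr = reported.get(name)
        value = attr.get("value") if isinstance(attr, dict) else None
        if value is None or attr.get("type") != rule["type"]:
            failures.append(f"{name}: missing or wrong type")
        elif rule["type"] == "sha256":
            if not isinstance(value, str) or value not in rule["allowed"]:
                failures.append(f"{name}: checksum not in reference set")
        elif not (isinstance(value, list) and all(type(v) is int for v in value)):
            failures.append(f"{name}: malformed version")
        elif tuple(value) < tuple(rule["minimum"]):
            failures.append(f"{name}: version below minimum")
    return not failures, failures

# Constructed sample data (not real signature files or vendor versions).
AV_SIGNATURES = b"constructed-signature-db-2"
REFERENCE = {
    "av_signatures": {"type": "sha256",
                      "allowed": {hashlib.sha256(AV_SIGNATURES).hexdigest()}},
    "os_patch_level": {"type": "version", "minimum": (6, 0, 3)},
}

if __name__ == "__main__":
    # An endpoint with a stale signature file but a current patch level.
    msg = collect_posture({"av_signatures": b"constructed-signature-db-1"},
                          {"os_patch_level": (6, 0, 3)})
    print(validate_posture(msg, REFERENCE))
```

Because the reference database changes almost daily, the validator takes it as an argument rather than hard-coding it, and an attribute the endpoint does not report counts as a failure.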


Tardo is chief security architect of Nevis Networks.

Copyright © 2007 IDG Communications, Inc.
