Security researchers demo Cisco NAC flaw

Heise Security is reporting that security researchers at the Black Hat Conference in Amsterdam at the end of March demonstrated how Cisco's Network Admission Control can be fooled.

According to Heise Security (the story was found by "In a live demonstration using a modified Trust Agent, Michael Thumann and Dror-John Röcher from ERNW were able to gain full access to an NAC protected network using a computer which did not comply with network policies.

"According to Thumann and Röcher, Cisco has acknowledged the problem and will be releasing its own advisory on the issue shortly. Network administrators can use systems such as Cisco's NAC to define access policies. An example would be that up-to-date anti-virus software and operating system patches must be installed for computers attempting to access the intranet. In NAC, conformity with these policies is checked by a 'Trust Agent' or 'Security Agent', which is installed on the clients and reports its results to the NAC router."


Copyright © 2007 IDG Communications, Inc.