Intel adds desktop NAC to latest chips

Intel's new vPro Core 2 Duo chips will provide integration with NAC tools, though some analysts say it will be some time before NAC use is widespread

Intel's move to provide new integration with NAC (network access control) tools in its latest vPro desktop processors could provide interesting opportunities for use with the device authentication systems while further strengthening the technology standards it supports, according to industry watchers.

One of a handful of new security features built into the vPro Core 2 Duo chips introduced by Intel on Monday, the added support for the 802.1x standard for NAC and interoperability with Cisco's Network Admission Control guideline -- delivered via the processors' Intel Embedded Trust Agent -- could help accelerate adoption of the device authentication systems while solidifying support for the two formats, experts said.

NAC systems are used to scan device and user authentication information whenever a machine attempts to log on to a network protected by the tools. In addition to protecting against potential break-ins from uninvited outsiders, the tools are also considered a useful alternative for enterprises to employ in segregating access to IT systems shared with partners or contractors.

Using the Embedded Trust Agent, Intel said that it can now enable NAC systems -- including any built on the 802.1x or Cisco NAC platforms -- to garner device identity information directly from the processor, bypassing the need for the authentication technologies to interact with PC operating system software.

One of the potential methods to circumvent NAC systems outlined by security researchers thus far has been to use some method to spoof or misrepresent device information to dupe the network defense tools. By presenting machine identity data on the processor, such attacks could be largely eliminated, Intel officials said.

While Intel did not promote direct linkage between Embedded Trust Agent and Microsoft's flavor of NAC -- known as Network Access Protection and already integrated into the software giant's Vista OS -- Cisco and Microsoft have previously announced an agreement to make all of their respective network authentication systems compatible.

Similar support for NAC on mobile platforms will arrive with Intel's next batch of Centrino chips, slated for shipment sometime in 2008, said company officials.

Cisco officials participating in Intel's vPro launch said that the CPU-level NAC integration could prove to be a significant accelerant to adoption of the technology, which most industry experts have charted as relatively slow thus far, despite the networking giant's claim that many of its customers are turning on the next-generation authentication systems.

"The strength of NAC is certainly based on the reliability of the information that you can present to the network, and having direct access to information on the hardware provides a whole new opportunity that hasn't been present only with OS interaction," said Brendan O'Connell, senior product manager for Cisco's Security Technology Group.

"In the past, even with existing NAC systems, what's happened is that when a PC starts up on the network, the security decision is held off while other things are being run in the background, but we're hoping to see that change and get in the door earlier," he said. "There are some big advantages for getting this type of information to present device security posture assessment sooner in the process, both for desktops and down the road for other types of devices."

Chip technology providers -- most notably Phoenix Technologies -- have attempted to market similar CPU-based security tools, but those efforts have been largely ignored by customers, with Phoenix recently scrapping its core software security products based on insufficient demand.

Other third-party NAC technology providers said that Intel's move to embrace NAC should help drive new interest in the systems and codify the industry around the standards it has chosen to support.

"On a functional level, this should prove useful by speeding up testing. Instead of waiting for a machine to boot up to get a posture assessment, the NAC system will already recognize the machine's attributes and begin assigning privileges," said Alan Shimel, chief strategy officer for StillSecure, a maker of NAC software.

Shimel pointed out that while the feature is a nice addition, most NAC systems will still need some form of user identification data, typically provided via software that runs on a device OS, to offer full authentication capabilities.

"It will be interesting to see if AMD adopts a similar approach and the same standards; that could have a good effect on the industry as a whole," he said. "It's good to see that Intel is supporting 802.1x because that's the standard most other NAC vendors are working with."

While CPU-level integration is a nice addition, some industry watchers maintain it will still be some time before NAC is deployed widely by large numbers of enterprise customers.

Because NAC doesn't directly address external threats or efforts to comply with government regulations, such as the Payment Card Industry data security guideline, most companies aren't yet budgeting for NAC tools, said Paul Stamp, analyst with Forrester Research.

"The problem with NAC is that in itself it satisfies no compliance mandate directly, and it doesn't protect against any specific type of attack. The real driver for NAC will be when businesses begin to demand so much mobility and collaboration that current security technologies can't meet those goals," Stamp said. "People are struggling to find a driver for NAC right now, and this type of platform-level interaction could be important when they do, but it could be another five years before we see real demand."


Matt Hines

InfoWorld