Enterasys upgrades NAC to handle guest devices

NetSight management suite lets enterprises use MAC addresses to apply NAC policies to unmanaged devices

Enterasys is issuing a new version of its NetSight management suite that lets its NAC system set policies for unmanaged devices such as guest laptops.

With NetSight 3.0, the company's NAC Manager software now supports MAC-address registration tied to user identity as a criterion for applying policy.

This lets enterprises divert the laptop of a guest or consultant who is trying to log into the network to a Web portal, where the user would be queried for information that can be paired with the MAC address of the machine.

A guest might be granted just Internet access if the MAC address is unknown or the user ID is unknown. Alternatively, the device might be allowed onto a restricted VLAN if a trusted sponsor -- an authorized company employee -- enters a valid user name and password.

Vendors such as Bradford Networks and Great Bay Software have means to use MAC addresses to apply NAC policies to unmanaged devices that may include printers and IP phones.

This option is primarily for guests, contractors and other people who use computers not issued by the corporation, and allows known, validated employees to vouch for visitors.

Enterasys also is introducing Assisted Remediation Server, which automatically refers machines that fail NAC preadmission scans to a server where they can be patched to address whatever shortcomings the scans reveal.

A device that fails the initial scans is sent to a Web portal, which displays what steps the user should take to remediate the problem. Before, Enterasys did not have a remediation mechanism.

In addition, Enterasys now supports postadmission NAC by blending features of its new Automated Security Manager with its NAC Manager platform. Postadmission NAC monitors devices that have been admitted to the network and can restrict their activity if they violate behavior policies.

So when Automated Security Manager is notified by intrusion-detection systems of behavior that violates such policies, it passes details of the violation along to NAC Manager. In turn, NAC Manager enforces policies to address the unauthorized behavior. The device can be quarantined until the unauthorized behavior is shut down.

For example, if a workstation starts serving FTP files, it could be quarantined and the user directed to shut down the FTP server in order to be readmitted to the network.

Other NAC vendors such as ConSentry, ForeScout, Mirage and Nevis Networks push postconnect NAC as a strength of their products.

InSight 3.0 also introduces Policy Control Panel that lets nontechnical users modify standard policies to better control access in certain environments. At a school, for instance, a teacher could be given control of access policies to block the use of instant messaging in a classroom for a certain time period.

In this example, the policies the teachers would control are limited and set by a network administrator, and the teachers could not create policies of their own, Enterasys says.

Policy Control Panel is sold separately and costs US$11,995 on a Web server appliance. The rest of the upgrades come with InSight when bought new and with InSight service contracts.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tim Greene

Network World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?