NAC: Hot technology for 2008

Not a cakewalk

IT execs want to make sure that users don't come back from a business trip and infect the entire company. IT execs want to make sure contractors with visitor access to the network aren't able to do damage or get access to confidential information. And IT execs want to make sure that users are properly authenticated and that they only access applications they need to do their jobs.

The difficult part is figuring out how to accomplish all that. Or any single part of that.

There are so many competing standards and approaches that you may be tempted to simply give up. After all, you've got the Trusted Computing Group with its Trusted Network Connect architecture. Lots of vendors offer point products that support the TNC architecture. But not Cisco.

Cisco has its own CNAC framework. Cisco has products that support the framework as well as separate point products. Amazingly, Cisco's current NAC appliance and its NAC framework use different client software to evaluate the security posture of network endpoints. It got so confusing for customers that Cisco in August tried to unify its own two-track strategy by launching something called oneNAC.

Then there's Microsoft. Microsoft doesn't even use the term NAC. Microsoft felt compelled to come up with its own term - Network Access Protection or NAP. Microsoft came up with the term quite a while ago, but actually coming up with products has proven a bit more challenging.

Microsoft's NAP policy server won't arrive until Windows Server 2008 ships. So, you couldn't deploy a full-blown Microsoft NAP architecture today, even if you wanted to.

So, what's a customer to do? Go with TCG. Go with Cisco. Wait for Microsoft?

The good news is that Network World has conducted several tests of NAC products and we can report that they do work and that they do interoperate. If you need NAC now, there are viable options.

First, we tested NAC solutions based on Cisco's architecture and TCG's. We tested 30 products for end user authentication, end-point security, enforcement of security policies and for management. Bottom line: Whether you choose TCG or whether you choose Cisco, you can get the job done.

If you're not ready to go down the route of deploying a full-blown NAC framework and you just want to plug in a NAC appliance, you have plenty of options. We tested 13 NAC point products and found that while each product has certain strengths and weaknesses, as a general category, NAC point products are ready for prime time.

The questions that IT execs need to focus on are: What am I trying to accomplish with NAC? And what is the best way to get there?

NAC promises pre-admission controls - in other words, making sure infected machines don't get on the network and making sure unauthorized users don't get on the network. But a more interesting use of NAC tools is post-admission controls - making sure endpoints stay in compliance while connected to the network and making sure users are doing what they're supposed to be doing.

IT execs need to analyze their needs, examine their timeframe and then make a decision on whether to go appliance or framework. And, if framework, which one. Like, we said, it's not an easy decision to make. But it's something IT execs need to address sooner rather than later.

Read about the other seven hot technologies for 2008:

Data leakage prevention: Hot technology for 2008
Two-factor authentication: Hot technology for 2008
Web 2.0: Hot technology for 2008
iSCSI: Hot technology for 2008
802.11n: Hot technology for 2008
Green IT: Hot technology for 2008
Virtualization: Hot technology for 2008

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Neal Weinberg

Neal Weinberg

Network World
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?