NAC: Hot technology for 2008

Not a cakewalk

IT execs want to make sure that users don't come back from a business trip and infect the entire company. IT execs want to make sure contractors with visitor access to the network aren't able to do damage or get access to confidential information. And IT execs want to make sure that users are properly authenticated and that they only access applications they need to do their jobs.

The difficult part is figuring out how to accomplish all that. Or any single part of that.

There are so many competing standards and approaches that you may be tempted to simply give up. After all, you've got the Trusted Computing Group with its Trusted Network Connect architecture. Lots of vendors offer point products that support the TNC architecture. But not Cisco.

Cisco has its own CNAC framework. Cisco has products that support the framework as well as separate point products. Amazingly, Cisco's current NAC appliance and its NAC framework use different client software to evaluate the security posture of network endpoints. It got so confusing for customers that Cisco in August tried to unify its own two-track strategy by launching something called oneNAC.

Then there's Microsoft. Microsoft doesn't even use the term NAC. Microsoft felt compelled to come up with its own term - Network Access Protection or NAP. Microsoft came up with the term quite a while ago, but actually coming up with products has proven a bit more challenging.

Microsoft's NAP policy server won't arrive until Windows Server 2008 ships. So, you couldn't deploy a full-blown Microsoft NAP architecture today, even if you wanted to.

So, what's a customer to do? Go with TCG. Go with Cisco. Wait for Microsoft?

The good news is that Network World has conducted several tests of NAC products and we can report that they do work and that they do interoperate. If you need NAC now, there are viable options.

First, we tested NAC solutions based on Cisco's architecture and TCG's. We tested 30 products for end user authentication, end-point security, enforcement of security policies and for management. Bottom line: Whether you choose TCG or whether you choose Cisco, you can get the job done.

If you're not ready to go down the route of deploying a full-blown NAC framework and you just want to plug in a NAC appliance, you have plenty of options. We tested 13 NAC point products and found that while each product has certain strengths and weaknesses, as a general category, NAC point products are ready for prime time.

The questions that IT execs need to focus on are: What am I trying to accomplish with NAC? And what is the best way to get there?

NAC promises pre-admission controls - in other words, making sure infected machines don't get on the network and making sure unauthorized users don't get on the network. But a more interesting use of NAC tools is post-admission controls - making sure endpoints stay in compliance while connected to the network and making sure users are doing what they're supposed to be doing.

IT execs need to analyze their needs, examine their timeframe and then make a decision on whether to go appliance or framework. And, if framework, which one. Like, we said, it's not an easy decision to make. But it's something IT execs need to address sooner rather than later.

Read about the other seven hot technologies for 2008:

Data leakage prevention: Hot technology for 2008
Two-factor authentication: Hot technology for 2008
Web 2.0: Hot technology for 2008
iSCSI: Hot technology for 2008
802.11n: Hot technology for 2008
Green IT: Hot technology for 2008
Virtualization: Hot technology for 2008

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Neal Weinberg

Neal Weinberg

Network World
Show Comments

Brand Post

Win pair of MOMENTUM True Wireless

Three PC World readers will be in the running to take home a pair of MOMENTUM True Wireless which are meticulously crafted with every fine listening detail considered. *T&C's Apply

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?