NAC: Hot technology for 2008

Not a cakewalk

IT execs want to make sure that users don't come back from a business trip and infect the entire company. IT execs want to make sure contractors with visitor access to the network aren't able to do damage or get access to confidential information. And IT execs want to make sure that users are properly authenticated and that they only access applications they need to do their jobs.

The difficult part is figuring out how to accomplish all that. Or any single part of that.

There are so many competing standards and approaches that you may be tempted to simply give up. After all, you've got the Trusted Computing Group with its Trusted Network Connect architecture. Lots of vendors offer point products that support the TNC architecture. But not Cisco.

Cisco has its own CNAC framework. Cisco has products that support the framework as well as separate point products. Amazingly, Cisco's current NAC appliance and its NAC framework use different client software to evaluate the security posture of network endpoints. It got so confusing for customers that Cisco in August tried to unify its own two-track strategy by launching something called oneNAC.

Then there's Microsoft. Microsoft doesn't even use the term NAC. Microsoft felt compelled to come up with its own term - Network Access Protection or NAP. Microsoft came up with the term quite a while ago, but actually coming up with products has proven a bit more challenging.

Microsoft's NAP policy server won't arrive until Windows Server 2008 ships. So, you couldn't deploy a full-blown Microsoft NAP architecture today, even if you wanted to.

So, what's a customer to do? Go with TCG. Go with Cisco. Wait for Microsoft?

The good news is that Network World has conducted several tests of NAC products and we can report that they do work and that they do interoperate. If you need NAC now, there are viable options.

First, we tested NAC solutions based on Cisco's architecture and TCG's. We tested 30 products for end user authentication, end-point security, enforcement of security policies and for management. Bottom line: Whether you choose TCG or whether you choose Cisco, you can get the job done.

If you're not ready to go down the route of deploying a full-blown NAC framework and you just want to plug in a NAC appliance, you have plenty of options. We tested 13 NAC point products and found that while each product has certain strengths and weaknesses, as a general category, NAC point products are ready for prime time.

The questions that IT execs need to focus on are: What am I trying to accomplish with NAC? And what is the best way to get there?

NAC promises pre-admission controls - in other words, making sure infected machines don't get on the network and making sure unauthorized users don't get on the network. But a more interesting use of NAC tools is post-admission controls - making sure endpoints stay in compliance while connected to the network and making sure users are doing what they're supposed to be doing.

IT execs need to analyze their needs, examine their timeframe and then make a decision on whether to go appliance or framework. And, if framework, which one. Like, we said, it's not an easy decision to make. But it's something IT execs need to address sooner rather than later.

Read about the other seven hot technologies for 2008:

Data leakage prevention: Hot technology for 2008
Two-factor authentication: Hot technology for 2008
Web 2.0: Hot technology for 2008
iSCSI: Hot technology for 2008
802.11n: Hot technology for 2008
Green IT: Hot technology for 2008
Virtualization: Hot technology for 2008

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Neal Weinberg

Network World
Show Comments



Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >



Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?