Do SSL VPN checks measure up to the rigors of NAC?

Network Access Control This newsletter is sponsored by Nevis Networks Webcast: Cut Through NAC Hype Over the past few years, network access control has evolved to encompass a melange of endpoint security compliance, malware detection, access control and authentication products with very different focuses. Cut through the hype and confusion to find real-world NAC answers. Network World's Network Access Control Newsletter, 06/26/07 Do SSL VPN checks measure up to the rigors of NAC? By Tim Greene Many SSL VPN vendors assess the security of endpoints as part of their network-admission routine, but that doesn’t mean these assessments are equivalent to NAC. The purpose of SSL VPN endpoint checking and NAC are similar - to evaluate the security posture of the device and impose an access policy based on that evaluation. Most SSL VPN vendors that do this use downloadable software agents to do the work, supplemented by a permanent SSL VPN client for managed machines that need network-layer VPN access. Get Everyone from the CEO to the MySpace Generation to Support Your Security Plans. September 10-11, 2007 | The Fairmont Chicago How do you get everyone from the boardroom to the mailroom to comply with your security initiatives? Come collaborate with peers on critical business topics like this at The Security Standard-the only business summit for senior security executives. For the latest in planning and management strategies. Click here for more details. Click here for more details These agents gather data about the configuration of the device and forward it to a policy server that decides whether the device state warrants access, and if so, to what. This roughly fits the description of NAC, but here are a few features that are key to NAC that can help distinguish whether SSL VPN checks measure up to the rigors of NAC. * How is endpoint-check data sent? With NAC, methods range from 802.1x to piggybacking on other authentication schemes or using a captive portal that requires allowing the scan. SSL VPN vendors often lack the richness of options. * Can the endpoint check gather data from third party clients? NAC vendors actively seek alliances with other software vendors, such as patch-management purveyors, as a means for gathering key information about configuration and security posture. * How many operating systems does the integrity checker support? This varies from vendor to vendor, but some have a wide range of support including agents for smart phones. SSL VPN integrity checks may offer sufficient protection even if they don’t include all the elements that NAC does. In fact, the SSL admission control may be appropriate for remote access purposes. It all depends on the needs of the individual customer. Since NAC is generally applied to LAN-connected devices, not remote access devices, NAC and SSL VPN integrity checks are separate. But it is valuable to compare and contrast what they do in order to devise flexible overall admission policies.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. Microsoft, IBM feel heat from Google Apps 2. FAA plan looks to clean up the skies 3. Why time stands still on the iPhone 4. Lawyers show how to side-step immigration law 5. Gartner to IT: Avoid Apple's iPhone 6. Linux version of Microsoft browser plug-in 7. Level3 completes Internet2 100G net 8. Spam outbreak hits 5 billion messages 9. California gets Microsoft to change Vista 10. Verizon CEO whistling past the iPhone? MOST-DOWNLOADED PODCAST: Twisted Pair: We're not camping for our iPhone

Contact the author: Tim Greene is a senior editor at Network World, covering network access control, virtual private networking gear, remote access, WAN acceleration and aspects of VoIP technology. You can reach him at tgreene@nww.com. This newsletter is sponsored by Nevis Networks Webcast: Cut Through NAC Hype Over the past few years, network access control has evolved to encompass a melange of endpoint security compliance, malware detection, access control and authentication products with very different focuses. Cut through the hype and confusion to find real-world NAC answers. ARCHIVE Archive of the Network Access Control Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007