Search This Blog

Thursday, September 06, 2007

Two tales of NAC implementation

Network World

Security: Network Access Control




Network World's Security: Network Access Control Newsletter, 09/06/07

Two tales of NAC implementation

By Tim Greene

Here are two cautionary tales about NAC implementations, both from Rob Whiteley, an analyst with Forrester Research.

First, a large corporation wanted to implement NAC and tried out the three different categories: software, appliances and network-based. After testing, it settled on an appliance.

The appliance used SNMP commands to communicate with switches, and that created a problem. The business already had a complex network management platform in place that kept track of SNMP traffic, and the NAC appliance was essentially hijacking the traffic. That created triggered problems for the management platform.

Network World Security Buyer's Guide

Find the right security products for your enterprise - fast. From anti-spam to wireless LAN security, our Buyer's Guides have detailed information on hundreds of products in more than 20 categories. With the side-by-side comparison tool you can evaluate product features to make the best decision for your enterprise.

Click here to go to the Security Buyer's Guide now.

The second tale involved a business that refreshes its PC configurations periodically as a matter of desktop maintenance. This is automated using pxeboot, a pre-boot execution environment that pulls down a new desktop image before the operating system starts up.

When pxeboot tried to do this for several hundred PCs, the NAC appliance the company installed didn’t get a NAC endpoint check report from the devices and quarantined all of them. The company had to make a workaround to solve the problem.

Both cases point out that businesses must carefully test NAC in their network environments before they bring NAC live. NAC is primarily a security technology, but it has implications for the IT teams that focus on desktops, operations, networking, identity management, change management, etc.

The bottom line for customers is that they should have well-defined tasks for NAC and attempt to address them directly and concisely without introducing any more complexity than is absolutely necessary. And then the NAC solution should be vetted very carefully to avoid these types of unintended effects.


  What do you think?
Post a comment on this newsletter

TODAY'S MOST-READ STORIES:

1. Google: Apps not a Microsoft Office add-on
2. Cisco unveils 802.11n WLAN access point
3. IBM stores data on an atom
4. Why do AdblockPlus users hate my kids?
5. Cisco plans to blend two NAC schemes
6. Cisco playing network defense
7. Foleo, Foleo, where are thou, Foleo?
8. UTM firewalls: Ready for the enterprise
9. Microsoft buying RIM (Blackberry)
10. MPLS proposal spawns IETF, ITU turf war

MOST-READ REVIEW:

IBM Lotus Sametime tops corporate IM platform review


Contact the author:

Tim Greene is a senior editor at Network World, covering network access control, virtual private networking gear, remote access, WAN acceleration and aspects of VoIP technology. You can reach him at tgreene@nww.com.



ARCHIVE

Archive of the Security: Network Access Control Newsletter.


BONUS FEATURE

IT PRODUCT RESEARCH AT YOUR FINGERTIPS

Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details.


PRINT SUBSCRIPTIONS AVAILABLE
You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today.

International subscribers, click here.


SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here.

This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription.


Advertising information: Write to Associate Publisher Online Susan Cardoza

Network World, Inc., 118 Turnpike Road, Southborough, MA 01772

Copyright Network World, Inc., 2007

No comments: