Network access control (NAC) is a huge topic of discussion in IT and a focus of activity among vendors. Over time, the acronym has become almost generic through overuse, and its definition varies. When I asked IT executives how they define it, the core of consensus was that NAC revolves around three things:
* Admission control, which is the ability to selectively let hosts attach to the network and stay attached — a key to NAC, according to all who answered this question.
* Health checks, which is the ability to see that connecting systems are up to date on patching, antivirus and the like, made part of the definition of NAC by a majority of respondents.
* Access control, which is the ability to say which hosts can see or do what while attached. A minority of those surveyed cite this as ideal in a NAC system. A CISO at a financial-services company explains this feature as “the ability to validate end-systems prior to gaining access and then controlling where they are allowed to go once they are on, much like user management should be.”
Few of the respondents actively practice NAC now. Being able to connect to the VPN is the extent of NAC for most external hosts, for example, and there is no access control on LAN ports. Only about 14% of respondents apply endpoint checks for application and operating system patching; the presence of firewalls, antivirus or antispyware; USB-attached devices; and password strength. However, nearly 60% wish they could be applying checks at least for firewalls, antivirus and antispyware tools, and about 40% desire password and operating system checks. Less than a third want application checks.
Cost and complexity explain most of the gap between the level of checking desired and the level implemented. NAC can require added network infrastructure and sometimes upgrades to existing network equipment, for example to support the 802.1X standard for authenticating network access at the switch-port level. Although few are spending anything on NAC yet, everyone feels that future spending on NAC is likely to go up, and most feel certain of it.
Applying admission, health and access controls on endpoints sounds enticing. But until it can be done without network overhauls and with more broadly interoperable protocols, adoption is likely to be slow and spotty.
