- Nokia's new N97 vs. the iPhone
- 10 Microsoft research projects
- Hard to get justice in MySpace case
- Smartphone smackdown: Storm vs. iPhone
- Apple removes antivirus support page
Senior Editor Tim Greene clarifies issues surrounding the evolving NAC security architecture.
Juniper has announced it is rolling out capabilities to check whether remote machines meet corporate security policies before allowing them SSL remote access to networks.
Many VPN and SSL remote access vendors do this and call it host checking or endpoint security. An agent on the remote machine reports back to a gateway a list of pertinent data about its configuration and this is compared with a database of policies that must be met. If the machine meets them, it gains access.
If not, it can be blocked or referred to a server where it can get what it needs to comply.
Juniper's Endpoint Defense Initiative (JEDI) will do this, but it also includes a feature on its SSL remote access gateway that pushes any missing software to the remote machine. If a computer lacks updated virus signatures, the gateway can push them. If it lacks a personal firewall, it can push one.
The limitation here is that JEDI requires the cooperation of other vendors who make firewall, anti-virus or malware detection software. They must write versions of their products that Juniper gateways can store and send, and so far the company has a list of six other vendors that are cooperating. Five are writing special versions of their software, and the sixth, Microsoft, is sharing information with Juniper so it can make Juniper software compatible with Microsoft's new Internet Connection personal firewall.
Separately, Microsoft is introducing its own limited version of this in its Network Access Protection (NAP) plan. The company will provide a NAP server as part of Windows 2003 Server that can refer to directories or other devices to check whether policies are met. Microsoft will also include a feature in Windows XP that reports to the NAP server the security health of host machines.
Microsoft has a long list of partners that promise to support NAP, one of them being Juniper.
NAP and JEDI seem to overlap, but such overlap will become the norm when NAP is released sometime next year. Juniper says its SSL gateways can become enforcement points in networks using NAP as a mechanism to check remote machines. Or customers can use JEDI to perform the same function.
Similarly, other NAP partners say their independent security schemes can function on their own or with Microsoft's gear as a unifying component.
Tim Greene is senior editor at Network World.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment