NAC in Interop spotlight

By Andrew R. Hickey, News Writer 15 Dec 2005 | SearchNetworking.com

News on networking, mobility and voice Digg This!     StumbleUpon     Del.icio.us

NEW YORK -- The line between security and the network is blurring and many in IT are being forced to wear two hats to keep their networks free from attacks.

And at Interop yesterday, that shift was evident, as several vendors and industry experts outlined the need to add appliances that protect from worms, viruses, Trojan horses, hackers and other malicious onslaughts at the network level.

Welcome to the era of network access control.

"Going forward, we'll be seeing a shift in focus from threat protection to security design," said Paul Stamp, analyst with Cambridge, Mass.-based Forrester Research Inc. "Security will be built into our network technology so that it's secure from the ground up. Network access control and quarantining mechanisms are a step in that direction."

For more information Check out our story on Cisco's NAC framework Read an interview on Cisco's NAC strategy

Essentially, network access control restricts who can get onto the network and what they can do once connected. It uses authentication and corporate security policies to dictate where users can go and what information they can access, while also scanning for the appropriate antivirus software and other network threat protection.

While the big boys, Cisco Systems Inc. and Microsoft are major players in the network access space, other smaller vendors are starting to make waves.

Lockdown Networks Inc. today rolled out its NAC appliance, version 4.1, which works at the switch level to make access decisions based on device health, time, date, user and group information. Senior product manager Bryan Nairn, of Seattle-based Lockdown, said the appliance controls network entry and continually checks to make sure linked devices are in compliance with the latest software and updates.

Similar to Cisco's NAC framework, users are quarantined if anything on their device is amiss. From there, they are offered remediation and not allowed onto the network until the problem is fixed.

"It keeps out viruses and protects against unauthorized access," Nairn said. What sets Lockdown apart, he said, is that version 4.1, supports several modes of authentication, not just 802.1x.

Another vendor planting its foot in the NAC space yesterday was Vernier Networks, which offers a single, agentless, vendor-agnostic appliance. Unlike Cisco, the Mountain View, Calif.-based vendor's EdgeWall Rx network access management appliance sits in-line on the network.

Ranjeet Sonone, product manager with Vernier, summed the EdgeWall Rx up this way: "You send a bad packet to us and we drop it."

Like Lockdown 4.1, EdgeWall authenticates and continues with periodic device checks to ensure users and devices are still in compliance.

Going forward, we'll be seeing a shift in focus from threat protection to security design. Security will be built into our network technology so that it's secure from the ground up. Paul Stamp Analyst, Forrester Research Inc.

"Now you have a machine to make sure every device that accesses that network is compliant," Sonone said. EdgeWall also features a browser-based notification of quarantine and, like Lockdown, allows network administrators to set their own security and compliance policies based on several criteria, including user, device and role.

But John Stier, telecommunications and networking director for Stony Brook University in New York, wasn't sold on NAC as a viable solution for his network security woes.

"I'm not convinced," he said. "Quite frankly, we're dealing with an unsolvable problem."

Stier explained that NAC may be fine for a corporation, but on a university network that handles tens of thousands of varying devices this technology approach is simply not plausible.

"We're dealing with computers that are not centrally managed and not uniform," he said. "Those machines could have anything under the sun on them, and they probably do."

Though Stier admits that a NAC appliance would be beneficial, he can't picture any realistic way he could deploy it. Stier said he feared forcing students into compliance-based access would create droves of privacy and support issues that his staff just couldn't handle. Plus, he added, catching one infected device out of thousands is a tough feat.

"If you have a room full of 100 people and one has the flu, how do you catch him?" he asked.

Despite Stier's protests, experts said NAC appliances are going to be a necessity within the next year. Chris Christiansen, vice president of security products and services for Framingham, Mass.-based research firm IDC, forecasted that by 2008, 80% of all security products will be network appliance-based.

"Once an unhealthy device connects to a LAN and immediately injects something malicious, it's over," he said.

During his discussion "Network Security: Two Worlds Collide," Christiansen said Trojans horses, viruses and worms will pose a serious threat for the foreseeable the future, while spyware attacks will continue to flourish. He said protecting the network from unwelcome or infected devices is imperative and NAC is a big part of it.

"If you think it's bad now," he said, "it's going to get incredibly worse."

Tags: Network Security Monitoring and Analysis,  Network Security Best Practices and Products,  Network Access Control,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Security Monitoring and Analysis Application-specific network intrusion detection systems emerge Anomaly-based intrusion protection configuration and installation How can I calculate perimeter firewall throughput? How do I find the application on my network that's dropping packets? Integrating NAC with network security tools Where can I find a sample security audit report? How can I run my own? The firewall remains the network traffic cop, but its role is changing Troubleshooting VLANs: How to monitor 802.1q tagged traffic Poor data-loss prevention practices almost cost Intel a billion How can I block my competitor's IP address range from my website? Network Security Best Practices and Products Enterprises demand next-generation firewalls with IPS, app visibility Preventing hacker attacks with network behavior analysis IPS Is there a way to trace my stolen laptop computer? Integrating NAC with network security tools Should organizations separate technical from administrative security? What network equipment is needed to secure a small business LAN? Ethical hacking and countermeasures: Network penetration testing intro Are you on a domain name system (DNS) blacklist database? Rogue access points: Preventing, detecting and handling best practices Network security threats solved by risk management: John Pironti explains Network Access Control Network security risks multiply when enterprises begin outsourcing Dynamic policy ensures faster, safer network for school district NAC appliance vendors: Can you depend on them? NAC integration at the endpoint Extending NAC enforcement to network security devices Integrating NAC with network security tools Network access control market crushed by economy, but future is bright Joel Snyder discusses Network Access Control Day at Interop Las Vegas Maturing NAC market gets its first Gartner Magic Quadrant Poor data-loss prevention practices almost cost Intel a billion

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary deep packet inspection (DPI)  (SearchNetworking.com) FCAPS  (SearchNetworking.com) Nessus  (SearchNetworking.com) netstat  (SearchNetworking.com) port mirroring  (SearchNetworking.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary