Juniper rounds out Unified Access Control

By Andrew R. Hickey, Senior News Writer
14 Nov 2006 | SearchNetworking.com

Juniper Networks Inc. yesterday launched an updated version of its network access control (NAC) solution: Unified Access Control (UAC) version 2.0. The release updates the original UAC by adding 802.1X components, the Odyssey Access Client, and Steel-Belted Radius.

UAC 2.0 evolved out of Juniper's acquisition of Funk Software last year, said Stephen Philip, director of product marketing for Juniper's security products group.

Version 2.0 is an open standards-based Layer 2 and 3 access control solution designed to give companies real-time views and granular policy control throughout the network. The latest release supports multivendor environments for both the 802.1X standard and the Trusted Computing Group's Trusted Network Connect (TNC), a set of nonproprietary specifications that enable open standards-based access control.

UAC 2.0 balances access and security controls by binding user identity, endpoint integrity, and location information with access controls. The UAC solution combines Juniper's Infranet Controller, which serves as the central policy manager; the UAC Agent, which is dynamically downloadable endpoint software; and additional products that include Juniper firewalls and any 802.1X-enabled switch or wireless access point.

Both the Infranet Controller and the UAC Agent contain features from the Funk acquisition, Philip said, including the Odyssey Access Client 802.1X supplicant and Steel-Belted Radius.

Overall, the UAC solution gives access control from the start of a session, before an IP address is issued. Version 2.0 supports user identity and endpoint verification at both Layers 2 and 3 across an 802.1X infrastructure. It performs a host of endpoint assessment checks, including functionality tests and checks for antivirus, spyware, firewall, patch management, configuration policies, OS and malware checks. All can be incorporated into security policy.

The agent is also capable of initiating remediation actions to bring endpoints up to snuff before allowing them onto the network. Access control can also be performed in an agentless mode, Philip said.

Robert Lemm, IS supervisor for KAMO Electric Cooperative Inc., an Oklahoma-based power company that provides power to 17 other regional power companies, said all of KAMO's 17 branches were interconnected through the Internet, meaning they could all connect to one another. Lemm said the company wanted more control and wanted all of the companies to connect through headquarters. KAMO also wanted their postures to be evaluated before they could talk to the network.

"Our biggest fear with the interconnects between the co-ops was if they got compromised, we'd get compromised," Lemm said. Since KAMO (short for Kansas, Arkansas, Missouri and Oklahoma) is a utility, a compromised network could allow someone into the control system and power grid. From there, power could be sapped to nearly half a million homes and businesses. "We can't afford to have a dark spot in the middle of the country."

Lemm and his team started looking for solutions. At first, Juniper wasn't an option. "At the time, Juniper had nothing on the table to meet our requirements," he said.

Lemm said he put out an RFP, and Cisco met pretty much all of his requirements with its Network Admission Control solutions. Over time, however, the cost of the Cisco NAC solution started adding up.

"They said, 'You're going to have to replace every switch in your network to make it work the way you want it to,' " Lemm said. That would mean pulling out and replacing 84 switches, he added, and it was completely unrealistic to rip out a $250,000 infrastructure.

"It was not a good business strategy for us [to swap switches]," he said. "We felt let down, disappointed."

After a few more evaluations, KAMO came to Juniper and gave them an RFP.

"They met almost every line item, and we didn't have to change our network strategy," Lemm said. Juniper's UAC takes up half the rack space Cisco's would have, he said, and the overall cost differed very little.

Version 2.0 will give Lemm more granular control over the co-ops and provide a really good "housekeeping tool."

"The Juniper UAC solution allows us to not only ensure policy compliance of devices and users prior to login and issuance of an IP address, but also to dynamically control access to resources and applications during the entire duration of the user session, for meaningful access control," Lemm added. "This approach has the potential to meet a wide range of challenges related to controlling our network."
