Many network and security administrators have implemented or are considering network access control (NAC) to support corporate security policies, but doubts remain about the technology.
NAC has grown rapidly as a method for enforcing information security policies, but without a unified standard, there is still uncertainty about how things will shake out. Think Betamax and VHS -- or more recently, Blu-ray and HD DVD -- and the "cold feet" effect becomes understandable.
There are three major approaches to NAC standards, with varying degrees of interoperability and development cooperation.
The Trusted Computing Group's (TCG) Trusted Network Connect (TNC) is a full set of standards for NAC developed by member companies.
Network Access Protection (NAP) is Microsoft's entry into computer posture checking and will become fully operational with Windows Server 2008 .
The Internet Engineering Task Force (IETF) has been working on a set of NAC standards referred to as the Network Endpoint Assessment (NEA).
NEA is still in the standards process and will likely be there for some time. "The IETF is comprised of [sic] individuals, while TNC was developed by member companies," explains Steve Hanna, co-chairman of both the IETF and TCG NAC working groups. Because contributions to IETF initiatives are often from many individuals around the globe via e-mail, whereas the TNC approach is more streamlined because of limited participation, the IETF process takes longer to produce standards.
Hanna explains that the IETF initiative has been under way for over a year, yet there hasn't been an agreement about what the standard should look like. He says he believes the process could take several more years. But does that imply that those who may be waiting for an IETF standard before deploying a NAC system should continue to wait that long?
Wait or deploy?
Recently, I moderated a NAC panel arranged by a network security consulting company. Potential and current NAC users took this opportunity to grill the panel -- which consisted of representatives from Cisco, Hewlett-Packard's ProCurve unit, Symantec and Juniper Networks -- on NAC product offerings and directions.
Without a doubt, the lack of a single, unified standard was on the minds of many of the attendees. When asked if users should wait to deploy NAC until the standards had settled, however, all representatives were unanimous in stating that if there is an immediate need and a solution exists, then deployment now is preferable.
Still, there is a gamble about whether the standards will converge at all. Hanna has hopes that the IETF will eventually be aligned with the TNC initiative. Cisco Systems may not yet be on the TNC bandwagon, but the company supports the IETF initiative and has partnered with Microsoft to ensure interoperability with NAP. Adding the fact that Microsoft donated a standard (download PDF) for the TNC client and a standard to work with the NAP system, it's clear that there is already movement toward that convergence.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Virtual magic: HR specialist throws out 40 servers, adds 8TB SAN and saves $100,000 for disaster recovery 2008-12-01 15:28:00+11
Sybiz adds up for SMEs in downturn 2008-12-01 14:27:00+11
EXCOM scores back-to-back award trifecta 2008-12-01 10:46:00+11
Citect extends SCADA networks with mobility solutions 2008-12-01 09:48:00+11
Citect extends SCADA networks with mobility solutions 2008-12-01 09:48:00+11
Best Practice in Building an Integrated Information Management Strategy
Discover the business value that creating an integrated information platform can bring. Learn how to provide consistent, accurate information to all stakeholders within your business network. Integrate vital data from disparate sources and deliver a trusted information foundation. Read on to uncover the stepping-stones to your new information management strategy.
Buying Guides
Buying Guides
