By Chip Brookshaw on March 17th, 2007
Until now, IT’s main security-related job has been authenticating and granting access to trusted users, while keeping the bad guys out of the network. Yet, as several high-profile incidents have shown, the systems of trusted users can wreak system-wide havoc by inadvertently introducing malware, viruses and other threats into the network.
Mobile technologies and dispersed workforces have blurred the edges of the corporate network. Remote access means flexibility and freedom for employees, but it also introduces a slew of vulnerabilities. Add the need for a company’s partners, customers, contractors and other guests to connect to the corporate network, and you have the makings of a security meltdown.
IT now needs to ensure that trusted users and devices don’t create security risks. That’s the problem that Network Access Control (NAC) seeks to solve.
The reality of NAC implementation is, of course, far from straightforward. However, there are basic building blocks to a NAC solution:
NAC solutions take three main technical approaches, although many products integrate one or more of these methods:
Dozens of vendors vie for a slice of the NAC market. Several large infrastructure players now include NAC functionality in their products, while numerous pure-play vendors jockey for position and market share. Although there has been some work on standards setting, progress in this area has been slow.
Cisco Systems was an early leader in the NAC market with its Network Admission Control technology, which is embedded in the company’s hardware. Microsoft’s contribution to the market is the Network Access Protection platform, which the company is integrating into its operating systems. The two companies are also collaborating to build interoperability between their respective technologies.
Meanwhile, the Trusted Computing Group is leading the Trusted Network Connect initiative, an attempt to develop standards for the NAC market in the hopes of advancing interoperability.
It’s not yet clear how NAC solutions will evolve to deal with other aspects of network security, such as intrusion detection and client management. Perhaps NAC functionality will be integrated into other types of security products. Security vendors such as Symantec and Trend Micro already offer solutions that combine NAC with client-side security.
Regardless of how the market evolves, though, it’s a good bet that companies will want to approach security more holistically to create efficiencies and improve their overall security posture.