Home >> Information Architecture >> Identity Management

A knack for network access control

By: Andreas Antonopoulos On: 01 Aug 2007 For: Network World Canada Creator

Network access control is a huge topic of discussion in IT and a focus of activity among vendors. Over time, the acronym has become almost generic through overuse and the definition varies.

Network access control is a huge topic of discussion in IT and a focus of activity among vendors. Over time, the acronym has become almost generic through overuse and the definition varies. When I asked IT executives how they define it, the core of consensus is that NAC revolves around three things:

* Admission control, which is the ability to selectively let hosts attach to the network and stay attached — a key to NAC, according to all who answered this question.

* Health checks, which is the ability to see that connecting systems are up to date on patching, antivirus and the like, made part of the definition of NAC by a majority of respondents.

* Access control, which is the ability to say which hosts can see or do what while attached. A minority of those surveyed cite this as ideal in a NAC system. A CISO at a financial-services company explains this feature as “the ability to validate end-systems prior to gaining access and then controlling where they are allowed to go once they are on, much like user management should be.”

Few of the respondents actively practice NAC now. Being able to connect to the VPN is the extent of NAC for most external hosts, for example, and there is no access control on LAN ports. Only about 14 per cent of respondents apply endpoint checks for application and operating system patching; the presence of firewalls, antivirus or antispyware; USB-attached devices; and password strength. However, nearly 60 per cent wish they could be applying checks at least for firewalls, antivirus and antispyware tools, and about 40 per cent desire password and operating system checks. Less than a third want application checks.

Cost and complexity explain most of the gap between the level of checking desired and implemented; NAC can require added network infrastructure and sometimes upgrades to existing network equipment, for example, to support the 802.1x standard for authenticating network access at the switch-port level. Although few are spending anything on NAC yet, everyone feels future spending on NAC is likely (most feel certain) to go up.

Applying admission, health and access controls on endpoints sounds enticing. But until it can be done without network overhauls and with more broadly interoperable protocols, adoption is likely to be slow and spotty.

Sign up for our Newsletters

Tags: operating system, firewalls

Close X

Your Name:

Your E-mail:

Friend's Name:

Friend's E-mail:

Close X

| Views: 498 | Rating:

(0 votes)

Rate this article on a scale of
1 to 5 stars,5 being the best.

Close X

Page 1

Quick Access

Video Conferencing Cloud Computing Resource Centre CIO Canada's Brainstorm Centre CIO Canada Debate

Andreas Antonopoulos is a contributor to the International Data Group (IDG) News Service, which publishes global technology stories from bureaus around the world to more than 300 publications in more than 60 countries.

SonicWall adds muscle to UTM, SSL VPN lines

The company adds the TZ 210 to the top of its unified threat management appliances for SMBs, while improves the firmware for its Aventail remote access devices

Closing the holes in a network

Network access control is a great solution for security, but it only works if every node on the network can be discovered. One company has a way to find “black boxes” used in industrial applications, and others are coming to the market

Cisco offers Nexus 7000 as data centre challenger

The gear maker's switch, to be run by the new NX-OS operating system, is the first of a series of devices designed to meet the possibilities offered by 10Gigabit Ethernet connectivity and beyond

EXFO upgrades Power Blazer modules
exfo electro-optical engineering inc. has added multi-stream test support on its ftb-8120nge, ftb-8130nge, iqs-8120nge and iqs-8130nge power blazer multi-service test modules. the quebec city company said the ftb-8120nge and ftb-8130nge modules are housed inside the ftb-2

blog comments powered by Disqus

Most Popular

Articles

Most Viewed
Most Emailed
Top Rated

Most Viewed
Most Emailed
Top Rated

Shaw wins Internet deal with city of WinnipegBy: Howard Solomon (16 May 2012)Shaw Communications has scored a big win in its campaign to extend its services to municipalities. The Calgary-based cableco won a bidding contest to ...
The social media skill sets a CIO's staff will needBy: Sharif Faisal (10 May 2012)The question is no longer ‘who is on social media?’; it is ‘who isn’t?’ Nearly 20 million Canadians communicate via soci ...
Open source Java moving to Linux, AIX on PowerPCBy: Paul Krill (11 May 2012)SAN FRANCISCO -- Open source Java will be brought to the PowerPC architecture for Linux and IBM's AIX OS under a proposal floated lastweek that could ...
Open source for an open governmentBy: Brian Bloom (10 May 2012)One article this week seemed to attract the most attention from our commenters (or at least, the longest comments). We wrote about the 10th anniv ...
The cost of open data: A Canadian lawyer's analysisBy: Lou Milrad (14 May 2012)We’ve started hearing a lot over the last year or so about “open data”, particularly in the municipal sector. It’s all ab ...

The new DDoS: Silent, organized and profitableBy: Brian Bloom (5/24/2012 3:46:00 PM)Depending on how unscrupulous your business practices are, a denial-of-service attack can give you a competitive advantage. From keeping competitors o ...
Keep up with SAP patches, researcher urgesBy: Loek Essers (5/24/2012 1:57:00 PM)More than 95 per cent of over 600 SAP systems tested by security firm Onapsis were vulnerable to espionage, sabotage and fraud, mainly because patches ...
Upcoming Salesforce.com release adds real-time chatBy: Chris Kanaracus (5/24/2012 12:17:00 PM)BOSTON -- Salesforce.com, which has placed ample emphasis on its Chatter social networking application, will actually begin providing real-time chat f ...
Dark places, white spaces and soft skills in IT By: Brian Bloom (5/24/2012 11:07:00 AM)This past week we’ve had a good mix of comments from our readers who, as always, made us think a little harder about the Canadian IT topics ...
Up-and-coming tech jobsBy: Mary K. Pratt (5/24/2012 9:11:00 AM)Any study of the IT labor market is likely to find that project managers and business analysts are in demand, but what about cloud transformation of ...

VIDEO: Why IT pros need 'soft skills'By: Brian Bloom (23 May 2012)Unemployment in the high-tech sector is low. But are IT pros getting the jobs they want? Stafflink CEO Tim Collins explains why having impressive ...
Open source Java moving to Linux, AIX on PowerPCBy: Paul Krill (11 May 2012)SAN FRANCISCO -- Open source Java will be brought to the PowerPC architecture for Linux and IBM's AIX OS under a proposal floated lastweek that could ...
Why integrate Wi-Fi radios into small cellular cellsBy: Ajay Kumar Gupta (15 May 2012)FRAMINGHAM, Mass -- (Gupta is team lead at Wesley Clover Communications Solutions, which develops solutions from Canadian companies -- including Mitel ...
CEOs demand CIOs prepare for growth and mobilityBy: Mark Chillingworth (15 May 2012)CEOs have shifted their position and are releasing funds to CIOs that have innovations for mobile users and revenue generation ideas, finds the CIO Su ...
The social media skill sets a CIO's staff will needBy: Sharif Faisal (10 May 2012)The question is no longer ‘who is on social media?’; it is ‘who isn’t?’ Nearly 20 million Canadians communicate via soci ...

Related White Papers

IBM Infosphere Master Data Management Server 9.0 - Producing better business outcomes with trusted data Help easily integrate master data into any operational process across the IT and business --Click here to read this white paper!

IBM Multiform Master Data Management: The evolution of MDM applications - This white paper reviews traditional approaches to MDM, and covers the evolution of MDM solutions. It outlines the benefits of multiform MDM as well as the pitfalls associated with its alternatives, such as index or reference MDM. Complimentary with registration. Sponsored by IBM.

Proven strategies for uncovering cost savings with IBM DB2 - This e-book, we’ll examine the ways that your enterprise database can help or hinder the bottom line. We’ll also show how IBM® DB2® can help you uncover cost savings while delivering performance, automation, productivity, green IT benefits and more. Finally, if you’re evaluating your IT expenses and looking for changes with the biggest possible system-wide impact, we’ll show you why moving to DB2 should be at the top of your list.

Concise Guide to E-Discovery - Should E-Discovery Be a Top Priority for Your Company? Find out with our new whitepaper outlining the right e-discovery capabilities do for your company.

Driving Data Migration with Intelligent Data Management - Drive Data Migration with Intelligent Data Management – click here to read!

more: White Papers

CIO Canada	ComputerWorld Canada	Network World Canada	Computer Dealer News	Direction Informatique	IT Business.ca
Click Here to Subscribe Now!

IT World Canada Curated
	Job and Career Resources • Canadian IT Jobs • IT Sales Jobs • Salary Calculator • Tech Learning Space	Knowledge Services • CDN ProFIT - Turnkey Marketing solutions • Visability • Knowledge Store
Subscribe Now- Register

Log In

A knack for network access control

Network access control is a huge topic of discussion in IT and a focus of activity among vendors. Over time, the acronym has become almost generic through overuse and the definition varies.

Quick Access

Related Content

Related Videos

Most Popular

Related White Papers

Email
Password