2006 Secured NAC's Likely Future

Standardized or not, truly secure or not, well-defined or not, NAC is here to stay under whatever name it travels.

By Sean Michael Kerner | Posted Dec 27, 2006
Page of   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

The popularity of network access control (NAC) surged in 2006, with every vendor, big and small, boasting about their respective NAC or NAC-like solutions.

NAC is intended to perform some kind of endpoint admission and control by validating users on a network, ensuring they have the right credentials, enforcing policy and making sure they have the requisite security patches.

In other words, it keeps networks clean and keeps the bad guys out.

One of the most talked about NAC revelations of the year was that not all implementations are as secure. The NAC world was buzzing when a security researcher at the Black Hat Conference detailed how NAC solutions using DHCP (define) could be bypassed with relative ease.

Nearly every networking security vendor rolled out or re-branded some form of NAC solution in 2006, though the two biggest names in NAC were likely the two biggest names in networking security.

Cisco, which started the whole NAC craze under the guise of its Self-defending Network initiative, updated its core NAC appliance in 2006. Not to be outdone, Juniper Networks, Cisco's rival in the networking security space, rolled out UAC (Unified Access Control), its own version of NAC.

Juniper is taking the angle of open standards for NAC by embracing Trusted Computing Group's Trusted Network Connect standards for its UAC 2.0 solutions. The TNC specifications are supposed to enable a degree of interoperability between TNC compliant solutions offered by different vendors.

Juniper has argued that Cisco's NAC is a proprietary model, whereas the TNC model is open, enabling wider participation and negating vendor lock-in.

Microsoft began brewing its own NAC-like framework called NAP (Network Access Protection), which, when it's released in 2007, will work with Cisco NAC and may also interoperate other solutions.

Beyond just competing frameworks for NAC, the openness of NAC and its various implementations may also be impeded by the various patents that vendors hold on elements of NAC or NAC-like technologies.

Networking security vendor Mirage Networks was awarded a patent for its approach to NAC. Though other NAC vendors, including Lockdown Networks and Nevis Networks, disputed the importance of the Mirage patents, Cisco and Juniper are either pursuing or already hold patents of their own in the space.

Arguments about when NAC should be deployed and when it will actually become pervasive underscored its popularity in 2006.

There were some in 2006 who argued that the time for NAC is now. Statistics from Infonetics Research show that enterprise adoption is already at 50 percent. Networking vendor StillSecure has also strongly argued that the time for NAC is now, because the need is now.

Yet a majority of a NAC panel at the Interop trade show in New York, which included Cisco, Juniper, Microsoft and StillSecure, argued that NAC will be widely adopted in five years.

The vendors also agreed that NAC is likely to look somewhat different in five years.

Regardless of when NAC actually does become as pervasive as networks themselves and which vendor or standard will be the leader, one thing is fairly obvious. If 2006 is any indication, NAC is here to stay.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter