The popularity of network access control (NAC) surged in 2006, with every
vendor, big and small, boasting about their respective NAC or
NAC is intended to perform some kind of endpoint admission and control by validating users on a network, ensuring they have the right credentials, enforcing policy and making sure they have the requisite security patches.
In other words, it keeps networks clean and keeps the bad guys out.
One of the most talked about NAC revelations of the year was that not all implementations are as secure. The NAC world was buzzing when a security researcher at the Black Hat Conference detailed how NAC solutions using
DHCP (define) could be bypassed with relative ease.
Nearly every networking security vendor rolled out or re-branded some form
of NAC solution in 2006, though the two biggest names in NAC were likely the
two biggest names in networking security.
Cisco, which started the whole NAC craze under the guise of its
Self-defending Network initiative, updated its core NAC appliance in 2006. Not to be outdone, Juniper Networks, Cisco’s rival in the networking security space, rolled out UAC (Unified Access Control), its own version of NAC.
Juniper is taking the angle of open standards for NAC by embracing Trusted
Computing Group’s Trusted Network Connect standards for its UAC 2.0 solutions. The TNC specifications are supposed to enable a degree of
interoperability between TNC compliant solutions offered by different
Juniper has argued that Cisco’s NAC is a proprietary model, whereas the TNC
model is open, enabling wider participation and negating vendor lock-in.
Microsoft began brewing its own NAC-like framework called NAP (Network Access Protection), which, when it’s released in 2007, will work with Cisco NAC and may also interoperate other solutions.
Beyond just competing frameworks for NAC, the openness of NAC and its
various implementations may also be impeded by the various patents that
vendors hold on elements of NAC or NAC-like technologies.
Networking security vendor Mirage Networks was awarded a patent for its approach to NAC. Though other NAC vendors, including Lockdown
Networks and Nevis Networks, disputed the importance of the Mirage patents,
Cisco and Juniper are either pursuing or already hold patents of their own in the space.
Arguments about when
NAC should be deployed and when it will actually become pervasive underscored its popularity in 2006.
There were some in 2006 who argued that the time for NAC is now. Statistics from Infonetics Research show that enterprise adoption is already at 50 percent. Networking vendor StillSecure has also strongly argued that the time for NAC is now, because the need is now.
Yet a majority of a NAC panel at the Interop trade show in New York, which included Cisco, Juniper, Microsoft and StillSecure, argued that NAC will be widely adopted in five years.
The vendors also agreed that NAC is likely to look somewhat different in five years.
Regardless of when NAC actually does become as pervasive as networks
themselves and which vendor or standard will be the leader, one thing is
fairly obvious. If 2006 is any indication, NAC is here to stay.