Network Access Control (NAC) is quickly becoming a generic term for a wide swath of network access control technologies from

It’s important to note that NAC as a technology is a term used by Cisco for its product.

Rather than fall in line with the generic, Cisco’s lead rival, Juniper, is pushing its own term for access control, which it has dubbed Unified Access Control, or UAC for short. Juniper is planning on using next week’s Interop trade show in New York as a showcase for its next-generation UAC 2.0 initiative.

Karthik Krishnan, Juniper Networks’ UAC product manager, explained to internetnews.com that Juniper originally announced UAC late last

Currently UAC is in version 1.2, which is what Juniper will be showing in its booth, while the next-generation 2.0 will be showcased at the InteropLabs demo, which itself is a showcase of networking

The existing UAC 1.2 solution is comprised of Juniper Infranet controllers, which were released last October.

The UAC 2.0 solution will bolt on the new 802.1x technologies that Juniper gained with its acquisition of Funk Software. The 802.1x IEEE standard provides for port-based security.

“What this really provides us with is the ability to provide access control across the entire duration of a user’s access to the network,” Krishnan
“Prior to them even getting an IP address it provides the ability to validate the end point and the ability to validate the user identity and allow them onto the network.”

Once users are on a network, they can take advantage of the existing functionality in Juniper’s infrastructure products to provide controlled access to resources and applications in a very granular format.

Juniper’s UAC is also supporting at least two of the Trusted Network Connect (TNC) standards. TNC is an effort to provide open standards for access control. Krishnan noted that there are two TNC specifications that are relevant to UAC, which Juniper supports.

“The first thing is just using RADIUS
“So by supporting the TNC specification, we are able to use the Infranet controller to set standard allow/deny decisions on any vendor’s 802.1x switch or access point.”

The ability to allow customers to leverage their existing infrastructures is a critical element of UAC, according to Krishnan. In his view, customers don’t necessarily want to change to a single-vendor solution just to make network

The other key TNC specification is one for endpoint solutions to plug into an access control framework. The net effect of the TNC endpoint spec is that any endpoint solutions, regardless of whether it’s patch management or antivirus, will have the ability to write to a single set of APIs and be able to leverage that against all of the NAC solutions.

Network access control solutions recently came under fire at the Black Hat conference in Las Vegas, where Ofir Arkin, CTO of security research firm Insightix, explained how easy it was to bypass many non 802.1x

“We’ve taken a lot of pains to make sure the solution is secure and that it can’t be bypassed,” Krishnan said.

One of those “pains” is to not use some manner of DHCP
DHCP approaches to NAC were ridiculed by Arkin at Black Hat as being inherently insecure.

“One of the reasons we haven’t done DHCP is that you can bypass it; it’s just not very secure,” Krishnan agreed. “It really provides you with a phantom illusion of access control when you’re not really getting it in the

Krishnan also took aim at the notion that only Cisco will interoperate with Microsoft’s version of access control called Network Address Protection

“We don’t have an announcement at this time but are having ongoing conversations with Microsoft,” Krishnan said. “And given that Longhorn Server isn’t due till the second half of ’07, I expect that when Microsoft actually ships NAP we will have all sorts of integration with the solution.”

One of the biggest obstacles to access control adoption for Juniper isn’t necessarily the technology; it’s the crowded nature of the NAC marketplace

“The critical thing is to rise above the noise,” Krishnan said. “Every vendor is claiming to have a NAC solution.”

Juniper is expected to release UAC 2 to the marketplace in the fourth quarter of this year.