Home page logo

educause logo Educause Security Discussion mailing list archives

Re: NAC devices - opinions sought
From: David Gillett <gillettdavid () FHDA EDU>
Date: Tue, 20 Feb 2007 13:21:43 -0800

  At RSA this year (week before last) I attended several NAC presentations.
The big three
currently seem to be Cisco (our infrastructure is mostly not Cisco),
Microsoft (our current
population is about 40% Macintosh, and not all of the Windows are XP/Vista
and AD), and
an effort by the IETF toward an open standard that client agents and policy
servers can use to talk to one another.  This latter effort is likely to
improve the availability
of open-source offerings....

  My shopping list includes:
cross-platform support (Macs aren't going away in any timeframe I can plan
"agentless" (new term is "dissolving agent") since we cannot require
installation on clients we don't manage
802.1x supported but not required (we're just starting to get equipment that
supports it, and building the IDM back-end support)
more generally, works with our current and near-future infrastructure (i.e.
not just Cisco)
has a "don't act, but show me what you would have done" eval mode

  A year ago, I'm not sure any vendor could meet all of those criteria --
now, there are probably
at least 6, and perhaps as many as a dozen, and they don't all meet them in
the same way.

David Gillett


From: David Boyer [mailto:David () BVU EDU]
Sent: Friday, February 16, 2007 2:50 PM
Subject: [SECURITY] NAC devices - opinions sought

Anyone familiar with Ciscos Network Admission Control (formerly Cisco Clean
Access, formerly Perfigo), Juniper Infranet, Symantec Network Access Control
or similar software/appliances?

Like many schools, we have a 1:1 ration of computers to students. We'd like
to avoid letting vulnerable or malware-infected systems onto our network
while simultaneously addressing the infection or vulnerability. Almost all
of our systems are running Windows XP or Windows 2000.

I'd be interested in hearing about your experiences with these or similar
solutions. Any open-source solutions that you know of?

Thanks in advance,

David Boyer
Buena Vista University

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]