Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: NAC devices - opinions sought
From: Brian Friday <bfriday () LASIERRA EDU>
Date: Tue, 20 Feb 2007 16:30:05 -0800

We demoed a mirage solution here in October of last year and rejected
it as a solution. The reason for the rejection could be simply summed
up by the words "fully functional only with additional hardware /
software purchase".  The long summation is below.

The normal mirage box is functionally very similiar to all other non-
agent boxes in that it deals with traffic by monitoring / injecting
data via span ports. Our demo didn't last long enough really to get a
lot of good data from this monitoring on our existing network (demo
guy double booked our unit). So I can not give detailed specifics on
what we found.

The deal breaker for us with mirage was identifying isolated machines
and operators of those machines. Mirage has no correlation between
user and machine rather the machine is isolated to either be fixed or
have the user call for support. Something that we felt would be a
gigantic step back in servicing our rather small community and
significantly increase our support costs.

To get the ability to correlate an isolated machine to a physical
user would require the purchase of an additional hardware box which
at the time had not been released and based on a quick view of
Mirage's website appears still to be unreleased. Granted this might
have changed since our demo and perhaps the engineer provided to us
did not correctly explain the features.

So to the cons side I would add:

hidden costs for additional hardware to meet functionality requirements,
very costly when implemented in a multi-vlan environment (price is
effected by number of vlans monitored).

I believe packetfence is capable of doing both the agentless nac as
well as captive portal on the same box which puts it in a different
league from Mirage. Caveat, I have yet to have time to put a
packetfence system online so this information is just from the
reading I have been able to do.

Brian Friday
Infrastructure Manager
Information Technology
La Sierra University
Riverside, CA 92515
Tel: (951) 785-2900
Fax: (951) 785-2908
bfriday () lasierra edu

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault