Feeds

NAC's looming identity crisis

Will persistence pay off for NAC vendors?

Mobile application security vulnerability report

Current network access control (NAC) technologies are not persistent enough, a security vendor has warned.

Dominic Wilde, product management veep at Nevis Networks, said that most NAC schemes rely on out-of-band appliances which check whether a client device is "clean", and once it passes muster they grant it access.

This makes them easier to install and remove, but he said it also means that once a client has been approved, there's no further control over where the user can go on the network or what they can do there.

"The first thing you need in the security world is to be stateful, so you understand the request going out and marry it to the response coming back," he said.

The second, he added, is to persistently track the user's identity: "Networks are by nature anonymous - you have MAC and IP addresses, but that's meaningless when customers are trying to solve compliance issues of who has access to what and when."

Needless to say, Nevis's security gear doesn't suffer this flaw, Wilde claimed. It sells an in-line security appliance and a secure access switch, both of which have built-in logic capable of controlling what the user can do and where they can go on the network. It also doesn't need agent software on the client to ensure it stays clean, he said.

Speaking as Nevis opened its UK office this week and began recruiting resellers for its devices, Wilde added that part of the problem is that most NAC technology operates at Layer 2 - the switching layer - using techniques such as virtual LANs to quarantine infected PCs.

"People are taking technologies designed for networking and applying them to security, and that's not what they're designed for," he said. Instead, they should work at Layers 3 and 4 - the routing and TCP layers - drawing user information from the corporate directory and using it to create an access policy for each user, he added.®

Bridging the IT gap between rising business demands and ageing tools

More from The Register

next story
THUD! WD plonks down SIX TERABYTE 'consumer NAS' fatboy
Now that's a LOT of porn or pirated movies. Or, you know, other consumer stuff
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
FLAPE – the next BIG THING in storage
Find cold data with flash, transmit it from tape
Seagate chances ARM with NAS boxes for the SOHO crowd
There's an Atom-powered offering, too
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.