GCN Tech Blog

By GCN Staff

Blog archive

NAC knock

TechTarget's SearchSecurity.com has been devoting a fair number of articles and podcasts on the difficulties that Network Access Control has had in gaining traction in the marketplace.

What the Security Wire editors are finding is that NAC is not being deployed as widely as vendors have hoped.


Why are organizations so hesitant to use this security technology? It's too complex to deploy easily, too difficult to justify the cost, and too much of a risk to invest in third-party products when Microsoft has embedded something similar within the soon-to-be-released Windows Server 2008, SearchSecurity asserts.

"It's very expensive for some, complicated for others and most IT shops have found other ways to deal with access management," said Bill Brenner, senior news writer, in the January 21 Security Wire Weekly podcast.

In the January 23rd edition of the podcast, Robert Westervelt interviewed Dave Bixler, the chief information security officer for Siemens IT Solutions and Services.

Bixler explained that the company, wishing to control its network access, started looking at NAC as an alternative to the 802.11x network access control standard, which is complicated to deploy.

NAC didn't really make sense for the company though.

"There's a lot of infrastructure to make NAC work," Bixler noted. It would require some significant changes in the company's architecture.

"They kind of work, but they are not easy to deploy in an enterprise environment. If I have a small office, they are pretty easy to put in, but as I start looking in 11, 12, 15, 30 offices, it becomes a bit more challenging to deploy a really solid usable NAC solution ubiquitously," Bixler said.

Also, for its cost, NAC was hard to justify. Siemens hasn't had a case yet where an employee plugged an infected laptop into the internal network. Nor has anyone snuck into a work facility and tried to log into the internal network with his or her own computer.

If NAC sales have been sluggish, it may be due to the fact that most organizations are waiting to see what Microsoft and Cisco have in store.

Microsoft rolls out Network Access Protection, a lightweight version of NAC built into Windows Server 2008 and Windows Vista. Cisco will support NAP with its own routers. As a result, organizations may not want to invest in third-party NAC products until they can see what the built-in NAP can do.

"With so many different security priorities, you kind of have to weigh if NAC is the one thing I need to put at the top of my list, or could I put it off for 18 months to see what Microsoft does," Bixler said.

Posted by Joab Jackson on Feb 21, 2008 at 9:39 AM


Featured

  • Cybersecurity
    CISA chief Chris Krebs disusses the future of the agency at Auburn University Aug. 22 2019

    Shared services and the future of CISA

    Chris Krebs, the head of the Cybersecurity and Infrastructure Security Agency at DHS, said that many federal agencies will be outsourcing cyber to a shared service provider in the future.

  • Telecom
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA softens line on looming EIS due date

    Think of the September deadline for agencies to award contracts under the General Services Administration's $50-billion telecommunications contract as a "yellow light," said GSA's telecom services director.

  • Defense
    Shutterstock photo id 669226093 By Gorodenkoff

    IC looks to stand up a new enterprise IT program office

    The intelligence community wants to stand up a new program executive office to help develop new IT capabilities.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.