Network World


The tradeoff between risk mitigation and productivity

NetClarity ships a new version of the software for its NACwall appliance
Security: Network Access Control Alert, by Tim Greene, Network World, 09/18/2008

Senior Editor Tim Greene clarifies issues surrounding the evolving NAC security architecture.


NetClarity is shipping a new version of the software for its NACwall appliances that automatically checks the vulnerability of devices such as laptops that have been unplugged from networks and then return in an unknown security state.

These devices can immediately be allowed back onto the network by policy without undergoing a NAC scan if they are classified as trusted. Then after they are on, they are scanned in the background.

The rationale given by NetClarity is that thorough scans can take a long time and it hurts users’ productivity to wait. Under this scheme, users gain immediate access and get to work. If the machine is found to be insecure, its access can then be restricted.

This diverges from what NAC was set up to do - check the security posture of devices before they get on the network. But it is a tradeoff between risk mitigation and productivity. Even if a device passes a NAC scan there is no guarantee that it is uninfected.

The new version of NetClarity software also can block devices performing malicious activities within 10 milliseconds on average, the company says. So if a machine is allowed onto the network either with or without an endpoint check and then misbehaves, its access can be cut off quickly, limiting the damage it can do.

NACwall enforces policies via instructions to switches, using command-line SSH or TELNET instructions.

In addition to blocking access, the devices can send alerts, audit the offending machines or any combination of these options.

The software also enables the NACwall appliance to preside over eight physical subnets, which is up from just one and makes for a more efficient NAC deployment in networks with multiple virtual LANs.

Tim Greene is senior editor at Network World.

Comments (3)

By Anonymous on September 18, 2008, 3:51 pm
To anonymous, Apparently you have an ax to grind, but that doesn't change the fact that a vendor with products to sell and customers to reference has upgraded its...


The first comment was spoken by a truly scared competitor. Much
By Anonymous on September 18, 2008, 2:19 pm
Thank you for your harsh words. Any chance you can take this fight out into the market place or an independent lab review instead of dirtying up Network World's...


Ridiculous
By Anonymous on September 18, 2008, 2:00 pm
Every decent NAC vendor offers similar functionality. Known/unknown, trusted/untrusted, time-based scans, etc. NetClarity isn't even a player in the NAC space -...
