Product Guides- Microsoft research projects to improve our lives
- Outlook '09
- IBM employees buzzing about layoff rumors
- AT&T builds $23M IPv6 network for U.S. military
- Is VoIP dead?
Senior Editor Tim Greene clarifies issues surrounding the evolving NAC security architecture.
NAC would prove useful enough to one potential user of the technology that he is considering buying an interim NAC product for use over the next three years with the long-term intention of shifting to Microsoft's NAC flavor, network access protection (NAP). (Compare NAC products)
An important feature the product chosen must have is that it be clientless because with desktop management software and antivirus software and VPN software already on corporate machines, he just doesn’t want one more client to deal with.
For that he already thinks that he will use Microsoft’s NAC client that comes as part of XP Service Pack 3 and Vista client software.
Meanwhile, the company has about 1,500 employees with more than 100 consultants that need network access at any given time, and he would like to know whether they have had their antivirus software (Compare antivirus products) updated recently. He realizes that doesn’t ensure the machines are clean, but it reduces the likelihood that they are infected.
That level of risk mitigation is valuable enough that he is willing to spend $60,000 for an interim NAC solution until he feels NAP will be fully featured enough in three years. Then he will switch over to NAP.
The product chosen must also require no alterations to existing network infrastructure such as switches and firewalls in order to enforce NAC policies. He doesn’t want to have to re-work virtual LANs.
The big problem he faces is convincing the people who control budgets at his business that NAC will have a return on investment. He says that he is relying on the argument that the cost of cleaning up viruses that manage to sneak onto the network via un-scanned machines would outweigh the investment in NAC.
Tim Greene is senior editor at Network World.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2009 Network World, Inc. All rights reserved. |
Comments (3)
A perfect recipe for ForeScoutBy Anonymous on September 30, 2008, 1:47 pmthe scenario outlined - no agents, out of band, no network changes, easy to manage, identify all IP's, handle known AND unknown endpoints with correct level of enforcement,...
Reply | Read entire comment
Ideal solution is tough given those constraintsBy toddhooper on September 30, 2008, 12:55 pmInteresting article. I'm sure the wishlist is fairly typical of IT managers in that situation. Certainly when we designed the Napera solution for the SME we had...
Reply | Read entire comment
Try Avenda SystemsBy Anonymous on September 30, 2008, 10:04 amWe're looking at a Microsoft partner that brings together existing MS NAP and whatever NAC equipment that's out there. We talked to them in a Microsoft partner event...
Reply | Read entire comment
View all comments