Technical Approaches
Customers taking the NAC plunge face a variety of technical approaches. Those include agent-based solutions, inline and out-of-band appliances, and NAC capabilities that are integrated on switches. At times, a combination of those styles may be found in a solution.
Agent-based NAC relies on software that resides on endpoint devices. Generally, the agent software communicates with, and authenticates to, a server in the network or an appliance, noted Jeff Falcon, senior security specialist with solution provider CDW.
Inline appliances enforce access policies, residing between an organization’s access switches and core switches -- directly in the flow of network traffic. The out-of-band approach usually involves the use of software agents installed on endpoint devices that direct traffic to the appliance as users come on to the network. ConSentry Network’s LANShield Controller provides an example of an inline switch, while products such as Lockdown Network’s represent the out-of-band approach.
The integration option brings NAC capability to the switch itself. ConSentry Network’s LANShield Switch, for instance, provides built-in authentication and posture check capabilities to control network access.
“It becomes challenging for the customer to analyze all the licensing and the various options available,” noted Falcon. “What I see happening down the road is more of a consolidation” featuring more streamlined licensing and a single platform to help simplify NAC, he said.
Total messages: 0