RealTime IT News

Patented: Network Access Control Tech

Network Access Control (commonly referred to as NAC) is one of the hottest trends in networking. Although Cisco helped popularize the term (or at least an implementation of NAC), another company just snapped up a patent for it.

Mirage Networks has been awarded US Patent #7,124,197 for its NAC technology.

The official title, according to the U.S. Patent and Trademark Office, is "Security apparatus and method for local area networks." The invention "includes a method and apparatus for controlling data link layer access to protected servers on a computer network by a client device."

Grant Hartline, CTO for Mirage Networks, told internetnews.com that the patent embraces a peer-based model, but does not dictate one. "In the world of IPv4, this would cover approaches like ARP (Address Resolution Protocol), which is used in the example shown in the patent," Hartline said. "The methodology in the patent could also include the use of DHCP."

Mirage filed for the patent in October of 2002, well before the term NAC became popular. "Although we are unsure (at this moment) of whether it predates Cisco's NAC, it was certainly filed before Cisco was presenting NAC publicly," Hartline said.

A Cisco spokesperson declined to comment to internetnews.com about Mirage's claims. However, the spokesperson did confirm that Cisco also has at least one patent related to NAC technology. "It's safe to say that NAC covers a broad range of technologies and standards," Cisco spokesperson Neil Wu Becker told internetnews.com.

"The patent awarded to Cisco is on NIC (Network Incident Containment, with some NAC claims) and we have a pending NAC submission as well." He said both of these are true solution patents that cover the fundamental architectural aspects rather than specific widgets or techniques.

Among its NAC solutions, Cisco is also known for NAC implementations that take advantage of the 802.1x port-based security protocol. Juniper Networks' recently launched UAC 2.0 solution also has an 802.1x component. A Juniper spokesperson told internetnews.com that it has its own patent related to UAC.

According to Mirage's Hartline, US Patent #7,124,197 does not cover 802.1x NAC implementations. Mirage has about 10 patents pending. But just because Mirage holds the patent doesn’t mean that others can't benefit from the invention. Hartline noted that Mirage has an active technology licensing program and this area is no exception.

Mirage Networks' NAC solution is not necessarily a standalone technology either. It could work with solutions that are compatible with the Trusted Network Connect NAC standards (which are embraced by Juniper and others) and even Microsoft's own version of NAC, Network Access Protection (NAP). "The patent neither requires nor prevents integration with any other architecture," Hartline explained. "Mirage is a member of TNC, and is a Microsoft NAP partner. The Mirage v3 product can coexist today with any of the architectures cited, but does not require them."

According to at least two vendors of NAC solutions, the impact of the Mirage patent may not be all that great. Both Lockdown Networks and Nevis Networks note that the solution detailed by Mirage has flaws and isn't necessarily the best way to enforce network security.

Dan Clark, VP of marketing for Lockdown Networks, told internetnews.com that the ARP (Address Resolution Protocol) approach taken by Mirage isn't the right way to enforce policy because it uses agents to help enforce access policies. "While ARP is a bit harder to defeat than DHCP, it's still far too easy to bypass," Clark said. "Lockdown prefers to enforce access on network control points like switches or WAPs, making enforcement much more robust."

Nevis Networks, a networking security systems provider, waved off the impact of the Mirage patent. "This announcement from Mirage is really quite insignificant in the grand scheme of things, as far as NAC and LAN Security are concerned," Nevis spokesperson Kristi Kilpatrick told internetnews.com. From Nevis Networks' perspective, she added, it's a stretch for Mirage to say they have a NAC solution at all, since they are primarily focused on the detection and mitigation of malware after authentication.

"Mirage is another company trying to catch the "buzz" wave of NAC, by re-purposing a technology designed for a whole other purpose."

According to a recent report from Infonetics Research, NAC is more than just a buzzword. Its research reports that nearly half of all large enterprises in North America have already deployed the technology.