RealTime IT News

LANDesk Gives in to 802.1x NAC

Management software maker LANDesk is set to embrace 802.1x for network access control (NAC). To date LANDesk has used other approaches to NAC, including DHCP .

LANDesk's move to 802.1x is part of what the vendor considers the maturation of the NAC marketplace, both in terms of vendor solutions and customers' needs.

802.1x is an IEEE standard that provides for port-based security. With 802.1x, a network can figure out at a port-by-port level who is accessing the network and what kind of access to allow.

With its 802.1x move, LANDesk joins an increasingly crowded landscape of 802.1x NAC solutions.

"We've seen a maturity in the understanding of what NAC can provide as an overall part of a layered security solution," Nathan McLain, NAC product manager for LANDesk, told internetnews.com. "I still think at this point that we're ahead of the curve when it comes to NAC."

LANDesk has been offering NAC capabilities in its product line for over a year and is interoperable with Cisco's NAC solution. LANDesk is also expecting to support Microsoft's NAP when it becomes available in Windows Longhorn server later this year.

According to McLain, the decision for an enterprise to choose one approach to NAC implementation or another is all about the deployment environment.

"People who are interested in DHCP are interested in NAC for different reasons; they've got users that provide a different set of security vulnerability problems than somebody that would be interested in 802.1x," McLain explained.

DHCP approaches to NAC implementation typically can overlay on top of existing infrastructure and do not require enterprises to replace switches in order to support new technology. On the other hand 802.1x is something that does typically require an investment in networking hardware and know-how.

"It's so much easier to roll out a DHCP solution than 802.1x," McLain said. "Though we've made it easy, it requires more networking expertise to be able to manage and configure, as it's an area of NAC that is more complex."

Though 802.1x is more complex, some consider it more secure than DHCP based approaches that which security researchers have poked holes in. That's not to say that 802.1x is infallible, as Cisco recently discovered.

McLain also doesn't consider LANDesk to be coming late to the 802.1x game. He said the demand is just coming online now even though the technology isn't exactly new.

"Everyone is talking about NAC, and that it's needed, but we've really seen slow adoption," McLain said. "It's only in the last month or so that I've seen a lot of traction from different IT departments to really tackle this now."

Among the reasons cited by McLain for the slow adoption is the lack of understanding in the enterprise about what NAC is all about and what solutions and options are available. In his view many customers just didn't understand what it is they were asking for.

There is also a fear factor for enterprise when it comes to NAC adoption.

"The biggest fear of why it's not implemented is they're afraid of what it will do to their network," McLain said. "They're afraid they'll have people shut down and it won't work automatically for them. It can be painless if approached from an understanding of what needs are."

LANDesk is expected to include the new 802.1x NAC functionality in the May 9 update of their product suite. LANDesk will be marking another important milestone the week before the release, the one-year anniversary of its acquisition by Avocent for $416 million.