Interop: NAC authentication is where we screw up
From the 'truth hurts' files:
LAS VEGAS. The promise of NAC has been around for years and users want to know when it will finally be ready. That's the message that audience members of a panel event on NAC (network access control) delivered to vendors including HP ProCurve, Cisco, Microsoft and Juniper Networks. The panel also includes a system consultant who frankly told the audience that to date the industry has left a gaping hole when it comes to figuring out how to do NAC authentication.
"Authentication is where we screw up as an industry," Jennifer Jabbusch, CISO, Network Security Specialist, CAD, Inc said. "We haven't made it easy enough. We have 802.1x but it's hard then we have MAC auth but nothing in between."
802.1x is a port based security mechanism while Mac is an identification mechanism for hardware. Mauricio Sanchez, Chief Security Architect, HP ProCurve Networking said that many organizations are simply not ready for 802.1x so they use MAC address authentication.
Khaja Ahmed, Windows Networking Security at Microsoft agreed with Hanna but added that the practical reality is that MAC addresses are thought of as authentication mechanisms by many organizations.
The panel also responded to a member of the audience that asked when would NAC finally be ready.
Alok Agrawal, Manager Product Marketing at Cisco noted that they have customer with 30,000 plus end point under NAC. He added that Cisco is also working in IETF to help standardize NAC specification across vendors.
"When will NAC be here?" Microsoft's Ahmed said."Don't think of this as a thing that isn't here then it is.
You have NAC today companies are using it today, how much can be protected depends on you, the more complex your infrastructure the harder it is, but that's the nature of all IT complexity."
Photo: Sean Michael Kerner (from left to right:Jennifer Jabbusch, Mauricio Sanchez, Alok Agrawal, Khaja Ahmed, Stephen Hanna)