RealTime IT News

Cisco Stirs up NAC Line

Cisco Systems is hoping to increase its lead in the Network Admission Control (NAC) space with the rollout of its NAC 4.0 appliance.

The new technology comes as other vendors, both complementary and competitive, strengthen their own network control initiatives.

NAC is a network-based approach to authenticating and enabling access to users and services across a network.

Cisco's latest NAC appliance handles various network connection methods, including remote access, wireless and traditional wired network deployments.

Rohit Khetrapal, Cisco's director in charge of NAC Appliance, said that the new device can now be deployed either inline or out of band.

"What we've done is added layer 3 out of band and what that does is allow for a centralized deployment model," Khetrapal told internetnews.com.

The new device also provides single sign-on for VPN clients, as well as Windows Active Directory domains.

Microsoft has its own NAC-like initiative, called NAP (Network Address Protection), which is set to appear in Windows Vista.

Thanks to a 2004 deal, NAP and NAC will work with each other. But there are also competitive NAC solutions from other vendors.

Among them are Juniper Networks and the Trusted Network Computing (TNC) Group, which provides Cisco NAC alternatives.

Typically, NAC requires some form of hardware to help implement it. But NAC vendor InfoExpress has a Dynamic NAC offering (DNAC) that takes a peer-to-peer approach.

Cisco's Khetrapal isn't overly concerned about the competition.

"From an early market capture we're already on our way," Khetrapal said. "We feel that Cisco NAC is already making inroads into the customer base. In comparison, we don't see that much from our competitors."

Khetrapal doesn't think that either Juniper or its partners at TCS have a holistic, true NAC solution in place.

"From an assessment perspective it has some serious gaps," Khetrapal said. "From a deployment within an infrastructure approach, it has significant gaps, and I can touch upon them until the cows come home."

In general, other vendors have the basic NAC approach, but Khetrapal thinks they're missing some critical components.

"Are you truly assessing the device? Are you identifying the user? And once you've taken care of the identity of the user and the asset, are you able to fix that machine right there or are you just passing the problem to the help desk?

"We don't think the entire block problem is being addressed by all parties," Khetrapal said.

For a "true" NAC, as defined by Khetrapal, the network has to recognize the identity of the user and the asset, as well as guarantee enforceability.

Khetrapal admitted that the various NAC-like technologies do cause some confusion.

"Anytime there is a mass technology rollout or something that comes in from a new-definition perspective, at first we're going to have everybody coming up with their own approach to it," Khetrapal said.

"The good thing is that Cisco defined it very early in the process."