802.1x is an IEEE standard that provides for port-based security. With 802.1x, a network can figure out at a port-by-port level who is accessing the network and what kind of access to allow. With its 802.1x move, LANDesk joins an increasingly crowded
Management software maker LANDesk is set to embrace 802.1x for network
access control (NAC).
To date LANDesk has used other approaches to NAC, including DHCP
LANDesk’s move to 802.1x is part of what the vendor considers the
maturation of the NAC marketplace, both in terms of vendor solutions and
customers’ needs.
landscape of 802.1x NAC solutions.
“We’ve seen a maturity in the understanding of what NAC can provide as an
overall part of a layered security solution,” Nathan McLain, NAC product
manager for LANDesk, told internetnews.com. “I still think at this
point that we’re ahead of the curve when it comes to NAC.”
LANDesk has been offering NAC capabilities in its product line for over a
year and is interoperable with Cisco’s NAC solution. LANDesk is also
expecting to support Microsoft’s NAP when it becomes available in Windows Longhorn server later this year.
According to McLain, the decision for an enterprise to choose one approach
to NAC implementation or another is all about the deployment environment.
“People who are interested in DHCP are interested in NAC for different
reasons; they’ve got users that provide a different set of security
vulnerability problems than somebody that would be interested in 802.1x,”
McLain explained.
DHCP approaches to NAC implementation typically can overlay on top of
existing infrastructure and do not require enterprises to replace switches
in order to support new technology. On the other hand 802.1x is something
that does typically require an investment in networking hardware and know-how.
“It’s so much easier to roll out a DHCP solution than 802.1x,” McLain said.
“Though we’ve made it easy, it requires more networking expertise to be able
to manage and configure, as it’s an area of NAC that is more complex.”
Though 802.1x is more complex, some consider it more secure than
DHCP based approaches that which security researchers have poked holes in. That’s not to say that 802.1x is
infallible, as Cisco recently discovered.
McLain also doesn’t consider LANDesk to be coming late to the 802.1x game. He said the demand is just coming online now even though the technology isn’t exactly new.
“Everyone is talking about NAC, and that it’s needed, but we’ve really seen
slow adoption,” McLain said. “It’s only in the last month or so that I’ve
seen a lot of traction from different IT departments to really tackle this
now.”
Among the reasons cited by McLain for the slow adoption is the lack of
understanding in the enterprise about what NAC is all about and what
solutions and options are available. In his view many customers just didn’t
understand what it is they were asking for.
There is also a fear factor for enterprise when it comes to NAC adoption.
“The biggest fear of why it’s not implemented is they’re afraid of what it
will do to their network,” McLain said. “They’re afraid they’ll have people
shut down and it won’t work automatically for them. It can be painless if approached from an understanding of what needs are.”
LANDesk is expected to include the new 802.1x NAC functionality in the May
9 update of their product suite. LANDesk will be marking another
important milestone the week before the release, the one-year anniversary of
its acquisition by Avocent for $416 million.