Network access control (NAC) is a framework into which various tools aimed at protecting an organization's perimeter can be dropped. In a perfect world, NAC stops intruders and makes sure that the devices trying to legitimately gain access to the network have appropriate and up-to-date security software. NAC also prevents users from straying from areas for which they are authorized.
A well-oiled NAC machine solves a lot problems for IT security folks. Suffice it to say that NAC is a challenging technology to deploy, however. This well-done update at Computerworld suggests that things are slowing changing for the better in the NAC world.
One of the key challenges for NAC vendors is to make equipment interoperate. The Internet Engineering Task Force (IETF) and the Trusted Computing Group (TCG) are trying to work this out. The piece looks at the progress they are making.
The story also describes Microsoft and Cisco's approach clearly. The writer suggests that the willingness of Cisco and Microsoft to have their products -- Network Admission Control (NAC) and Network Access Protection (NAP), respectively -- work together may the "most compelling" development in the drive to NAC interoperability.
Bloggers at the Security and Risk Management Strategies Blog say that the Cisco/Microsoft agreement isn't adequate. A subsequent deal between Microsoft and the TNG was announced at the Interop conference in May. It calls for Redmond's NAP to interoperate with the TCG's Trusted Network Connect. The agreement will enable Microsoft's NAP to send system health data to TNC.
NAC offers a more subtle advantage. This Network World piece says organizations are using NACs to help prove to regulators that they are in compliance. Many strengths of a NAC -- making sure those entering the network are authorized, that they only are able to go where they are supposed to, and that mobile devices to which they download data are secure -- are important regulatory issues.
There is no shortage of stories on the loss of critical data in ways that could have been scotched by interoperable NAC procedures. For instance, IT Security provides details on the use of a USB memory stick to steal thousands of pages of classified material from the Los Alamos National Lab last year.
A layman's reading of the Computerworld and Security and Risk Management Strategies Blog stories suggests that there is a tremendous amount of ground to cover before NAC gear achieves a high level of interoperability. The call here is for these folks to hurry, since so much is at stake.