Educause Security Discussion mailing list archives

Re: NAC devices - opinions sought


From: David Gillett <gillettdavid () FHDA EDU>
Date: Tue, 20 Feb 2007 13:21:43 -0800

  At RSA this year (week before last) I attended several NAC presentations. The big three currently seem to be Cisco (our infrastructure is mostly not Cisco), Microsoft (our current population is about 40% Macintosh, and not all of the Windows are XP/Vista and AD), and an effort by the IETF toward an open standard that client agents and policy enforcement servers can use to talk to one another. This latter effort is likely to improve the availability of open-source offerings....

  My shopping list includes:
- cross-platform support (Macs aren't going away in any timeframe I can plan for)
- "agentless" (new term is "dissolving agent") since we cannot require installation on clients we don't manage
- 802.1x supported but not required (we're just starting to get equipment that supports it, and building the IDM back-end support)
- more generally, works with our current and near-future infrastructure (i.e. not just Cisco)
- has a "don't act, but show me what you would have done" eval mode

  A year ago, I'm not sure any vendor could meet all of those criteria -- now, there are probably at least 6, and perhaps as many as a dozen, and they don't all meet them in the same way.

David Gillett



  _____

From: David Boyer [mailto:David () BVU EDU]
Sent: Friday, February 16, 2007 2:50 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] NAC devices - opinions sought


Anyone familiar with Cisco's Network Admission Control (formerly Cisco Clean
Access, formerly Perfigo), Juniper Infranet, Symantec Network Access Control
or similar software/appliances?

Like many schools, we have a 1:1 ratio of computers to students. We'd like
to avoid letting vulnerable or malware-infected systems onto our network
while simultaneously addressing the infection or vulnerability. Almost all
of our systems are running Windows XP or Windows 2000.

I'd be interested in hearing about your experiences with these or similar
solutions. Any open-source solutions that you know of?

Thanks in advance,

David Boyer
Buena Vista University

