The Lippis Report

By ConSentry

In addition to admission control features of user authentication and host posture check, some NAC offerings also support post-admission controls such as role-based access. Some NAC solutions rely on virtual LANs (VLANs) to provide this user-based control. However, implementing this capability via VLANs requires organizations to re-architect their LANs, making substantial changes to their VLANs and Access Control Lists (ACLs). This daunting task requires extensive implementation and ongoing work, negates some key operational uses that VLANs provide, and leaves IT with very limited post-admission control. This paper will explore these VLAN challenges and contrast them with the simplicity of ConSentry Networks´ system for deploying flexible role-based access controls independent of VLANs.

There are three major industry framework initiatives in play today addressing network security: Cisco´s NAC, Microsoft´s NAP and the Trusted Computing Group´s TNC. The problems with all three are that they are not ready, and they are complex, non-standard and costly. However, the market is demanding network access control without the above baggage. So a few smart people started companies to address this window of opportunity, Tom Barsi being one of them with his company ConSentry. Tom joins me to discuss a better way to control network access.

Local area networks (LANs) are more open than ever, making them vulnerable to external as well as internal threats and posing a complex security challenge for enterprises. Creating guest access is an important configuration as contractors, partners and visitors require access to either corporate resources or to the Internet or to both. Wireless technology and open jacks make it easy for rogue hosts to connect to a network. Mobile employees with laptops rove between public Internet ?¢‚Ǩ?ìhot spots", home networks, and the protected LAN, potentially exposing the network to viruses and other malware. Consequently, IT is looking for a comprehensive LAN security solution that protects business information, improves business continuity, and helps the organization comply with governmental regulations. In this white paper, defending an enterprise through network admission control (NAC) is explained.