« Peer to Peer: Can't live with it; can't live without it | Main | Cloak and Shield – Star Trek or Network Security? »

May 24, 2007

The Most Important Piece of NAC

Tim Greene has written a nice Network World NAC newsletter article, "The most important piece of NAC". He has some good insights for customers deploying NAC, which I wanted to expand on. One of the major functions of NAC is to determine the end-point posture (anti-virus, anti-sypware, OS patches, Firewall setting, etc). This determination is typically done by the NAC agent through one of the following methods, with the various pros and cons of each approach as explained below:

  1. Interacting with other client software directly as Tim and Joel Snyder have suggested in the article
    • Agent Type: Dissolvable or installable agent running on the end-point
    • Pros:
      • Very deterministic approach
    • Cons:
      • Need to establish partnership agreements with each vendor that provides an API
      • All AV/change-management vendors may not provide an API
  2. Inspecting registry entries and/or files on the end-point
    • Agent: Dissolvable or installable agent running on the end-point
    • Pros:
      • No interaction/agreements with vendors required
      • Enables comprehensive vendor coverage
    • Cons:
      • Needs reverse engineering that can be tedious and time consuming
  3. Inspecting registry entries and/or files remotely using WMI/Samba
    • Agent: Running on appliances based on Windows/Linux platforms respectively
    • Pros:
      • Truly clientless solution
    • Cons:
      • Requires administrative privileges
      • AV/change management vendors will not have APIs
      • Posture determination cannot be done for guests or contractors
      • Posture determination is very limited
  4. Snooping network traffic to detect exchanges between AV clients and update servers
    • Agent: Running on appliances based on Windows/Linux platforms
    • Pros:
      • Truly clientless solution
    • Cons:
      • Posture determination is extremely limited

To summarize, the most practical solution is a combination of Methods 1 and 2. Any NAC solution that relies entirely on Methods 3 and 4 are not good solutions. In the next few posts we hope to explore this theme further, as well as how Microsoft's NAP fits into the scheme of things.

Amol Mahajani

Technorati Tags:

Posted at 02:01 PM in Trends in Network Security |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83452000469e200d83547ed5c53ef

Listed below are links to weblogs that reference The Most Important Piece of NAC:

Comments

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.