Trying To Have It Both Ways

Shimel's latest blog post takes vendors to task that have added NAC functionality to their existing product line and specifically goes after LANDesk's NAC which, he states, is an afterthought. Shimel has often said that host assessment is critical to NAC.

Mike Fratto

January 25, 2008

2 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Alan Shimel's latest blog post takes vendors to task that have added NAC functionality to their existing product line and specifically goes after LANDesk's NAC, which, he states, is an afterthought. Shimel has often said that host assessment is critical to NAC. Is he changing his tune? Color me confused on where Shimel stands on host assessment. Back in November, I stated that host assessment alone does not a NAC product make. In fact, it shouldn???t even be an important part of a NAC product, and I'm going to stick by that for the moment. He took me to task (Alan is a good guy, and I appreciate his candor) for that statement, arguing that host assessment is very important. This point, from Shimel's News Rules on NAC, sums up his position well: "NAC is more concerned with the casual offender than the determined hacker. The profile and health of a device entering the network is as important as who is on that device." Seems to me if host assessment is that critical, then host configuration is critical as well.

While talking with representatives from BigFix about some upcoming testing, one of them opined that companies using NAC to enforce host configuration already have decided that their host management strategies have failed and are looking to NAC to ensure their hosts are properly configured. I find it refreshing to hear some echo my own sentiments.

For vendors with strong desktop and server management products such as BigFix, LANDesk, and Symantec, adding NAC to their existing product lines is a natural fit because host command and control is part and parcel of host assessment and NAC. It represents the ever-present circle Assess->Remediate->Test->Authorize->Assess, hopefully integrated into an all-in-one package. No need to integrate multiple products, merge log files, and do other crufty stuff to make NAC work within the larger IT management environment.

I make no secret that I think if organizations are going to make host assessment a major component of their NAC projects, then they need to make sure their desktop and server management practices are in place and functioning properly first. Then you need to determine policy issues that govern how to handle hosts that are out of compliance with the approved configuration. Finally, you can find a NAC product that will support your policy and host assessment needs.

Read more about:

2008

About the Author

Mike Fratto

Mike Fratto

Former Network Computing Editor

See more from Mike Fratto
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Enterprises investing in new infrastructure to support AI will have to choose between InfiniBand and Ethernet
Enterprise Connectivity
The Impact of AI on The Ethernet Switch MarketThe Impact of AI on The Ethernet Switch Market
byPam Baker, Contributing Writer
Sep 16, 2024
5 Min Read
Blue and purple digital cloud connecting apps and services with campus NaaS.
NaaS
Campus NaaS: Remaking the Campus NetworkCampus NaaS: Remaking the Campus Network
bySalvatore Salamone, Managing Editor, Network Computing
Jul 31, 2024
4 Min Read
DPUs are extensively used to accelerate AI and ML workloads by offloading tasks such as neural network inference and training from CPUs and GPUs.
Network Infrastructure
Harnessing DPUs & How DPUs are Changing Data CentersHarnessing DPUs & How DPUs are Changing Data Centers
byBob Wallace, Featured Writer
Jul 30, 2024
10 Min Read
Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports
Live Events
More Live Events