Network access control has a gaping hole that today is unresolved. There are numerous IP endpoints like print servers, Web cams, fax servers, software appliances, and anything else with an OS, IP addresses, and application. These devices connecting to a network can't be controlled via current NAC products because they don't authenticate and can't be assessed. Typically, NAC products handle these devices through white listing the MAC or IP address, thus trusting that neither can be spoofed. White listing, however, is a time-consuming and error-prone task.
Great Bay is the latest NAC vendor -- along with Cisco and Enterasys -- to announce a system that allows employees to sponsor guest access. Rather than giving out guest accounts, creating temporary accounts, or restricting guests to quarantined networks, sponsored guest access lets a user vouch for guests and grant temporary access. Guest access should relieve workload on IT systems that have to manage guest accounts today.
A common problem with 802.1X and network boot imaging is that the host can't authenticate to the network in order to get the image. It's the classic cart-horse problem. By detecting that a host is attempting to initiate a PXE boot, which is used to discover a disk image job, Great Bay Software Sponsored Guest Access enables administrators to place a switch port into an open state temporarily so the image can be downloaded.
In addition, guest access also can be used to temporarily grant access to computers that should have access, but for some reason aren't allowed on the network. For example, if an administrator is working on a computer and can't authenticate or won't pass a host assessment, guest access can be granted in a controlled, audited method. Guest access is a simpler management method than opening a network port on a switch.