Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Network Node Validators: Page 3 of 13

Organizations that need a quick path to mitigating the threat of traffic from rogue nodes entering their data centers, for example, are likely to gravitate to Juniper's Unified Access Control (UAC) suite; it's easier to deploy and less intrusive than many alternatives. Provided you're comfortable putting access-control devices in front of your data centers, Juniper's lightweight approach will be attractive, especially to companies that aren't looking to make major infrastructure changes or upgrades.

In comparison, organizations that are more concerned about client-to-client-based attacks and clamping down so rogue nodes don't ever set foot on the network in the first place--an area Juniper's model doesn't address well--should look at Cisco's approach--if they have the time and patience. A full Cisco NAC implementation is a complicated, intrusive process, but it's also comprehensive; NAC can address significantly more use cases than anything else we've seen.

Finally, ConSentry's LANShield offers an extremely lightweight (no agents!) method of mapping relationships between authenticated users and Layer 7 network applications, and performing some basic enforcement tasks. LANShield might one day be a good match for organizations that have only those needs. But it's immature at this point and has a long way to go before it can tackle a significant subset of the challenges that, say, Cisco's NAC addresses.





Embedded Infrastructure Model



Click to enlarge in another window