Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat: Standards Issues Open Network Security Holes

While there's strong agreement that network access control should be a part of any corporate security strategy, all agreement ends when it comes to defining what exactly NAC is and how different vendors' interpretations of the technology will work together.

This confusion has opened up holes in network access control technologies that can easily be exploited, one security vendor said Wednesday at the Black Hat USA 2006 conference.

The concept behind NAC is relatively straightforward: Don't let any devices connect to your network unless they pass muster by complying with your company's security policies. "It's a valid technology and something you need to consider as part of your network security," said Ofir Arkin, chief technology officer and co-founder of Insightix Ltd., a maker of NAC software used to monitor network traffic and probe devices as they attempt to connect.

Yet even though Insightix has a dog in the NAC fight, Arkin's Black Hat presentation focused more on what's lacking in NAC and how these omissions could be very dangerous to businesses deploying the technology.

In theory, NAC technology should include the ability to:

  • 1