Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Rolling Review Kickoff: Out-Of-Band NAC

When it comes to network access control, you have freedom of choice: IT can select from a number of different methods for assessing hosts, enforcing policies and integrating into the network. In this Rolling Review, we're focusing on out-of-band NAC. These products attach to the network from a switch port and, unlike their in-band brethren, don't require re-cabling. Like all NAC products, an out-of-band system makes use of a policy server, which contains access policies and makes decisions on which nodes should be allowed into the network. The policy server can be the enforcement point, or it may drive other network infrastructure devices, such as switches, routers or firewalls, to grant or deny access.

Thing is, out-of-band NAC seems to have an image problem: Our own reader research indicates that 65% of organizations deploying NAC prefer in-line appliances versus 50% using out-of-band products. And the outlook doesn't look likely to improve. Nearly 70% of companies in the planning stages are leaning toward in-line systems, versus just 43% favoring out-of-band NAC. A recent survey by Infonetics Research shows that 55% of companies plan on buying in-line NAC products; this syncs with the firm's market forecast, which shows more than half the NAC units shipped are in-line appliances.
Is the problem just bad PR, or does the out-of-band approach really carry technical disadvantages compared with going in-band?

Three Way Try

We decided to get to the bottom of the plusses and minuses of in- and out-of-band NAC, as well as host-based systems. We launched a Rolling Review of in-band NAC products in our Aug. 13 issue, and the first installment of that testing can be found refer to Consentry. Watch for our host-based Rolling Review to kick off early next year.

This article is the first of a series and is part of NWC's Rolling Review of Out-Of-Band NAC. Click on that link to go to the Rolling Reviews home page to read all the features and reviews now.
  • 1