Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Trying To Have It Both Ways

Alan Shimel's latest blog post takes vendors to task that have added NAC functionality to their existing product line and specifically goes after LANDesk's NAC, which, he states, is an afterthought. Shimel has often said that host assessment is critical to NAC. Is he changing his tune?
Color me confused on where Shimel stands on host assessment. Back in November, I stated that host assessment alone does not a NAC product make. In fact, it shouldn???t even be an important part of a NAC product, and I'm going to stick by that for the moment. He took me to task (Alan is a good guy, and I appreciate his candor) for that statement, arguing that host assessment is very important. This point, from Shimel's News Rules on NAC, sums up his position well: "NAC is more concerned with the casual offender than the determined hacker. The profile and health of a device entering the network is as important as who is on that device." Seems to me if host assessment is that critical, then host configuration is critical as well.

While talking with representatives from BigFix about some upcoming testing, one of them opined that companies using NAC to enforce host configuration already have decided that their host management strategies have failed and are looking to NAC to ensure their hosts are properly configured. I find it refreshing to hear some echo my own sentiments.

For vendors with strong desktop and server management products such as BigFix, LANDesk, and Symantec, adding NAC to their existing product lines is a natural fit because host command and control is part and parcel of host assessment and NAC. It represents the ever-present circle Assess->Remediate->Test->Authorize->Assess, hopefully integrated into an all-in-one package. No need to integrate multiple products, merge log files, and do other crufty stuff to make NAC work within the larger IT management environment.

I make no secret that I think if organizations are going to make host assessment a major component of their NAC projects, then they need to make sure their desktop and server management practices are in place and functioning properly first. Then you need to determine policy issues that govern how to handle hosts that are out of compliance with the approved configuration. Finally, you can find a NAC product that will support your policy and host assessment needs.