Can the IETF sort out the NAC standardization process?


Mike Fratto

July 13, 2006


With competing network access control (NAC) initiatives like the Trusted Computing Group's Trusted Network Connect (TCG TNC), Microsoft's Network Access Protection (NAP), and Cisco's Network Admission Control (CNAC), as well as all the vendor-specific NAC products and solutions, one thing is painfully clear: standardization and conformance are critical. The matrix of security and network infrastructure products that should be included in a NAC solution, whether for end-point validation, profile authorization, or enforcement, is mind-boggling. Today, vendors are exposing APIs and performing one-off integrations based either on the market presence of a product (Symantec and McAfee AV products, for example) or on customer demand (some customer with deep pockets wants integration). However, that strategy is self-limiting, and integration is often stuck with specific product revisions. Check Point's Open Platform for Security is an example of what I would call a pretty successful vendor integration program (including APIs and conformance testing), based on the number of vendors who participated and are participating, but the conforming products are specific to a version. That makes sense to me because you know exactly what products and versions have been tested and you can be assured that products will just work. It does mean that an OPSEC-certified product may not be the most recent version.

There is a working group trying to form within the IETF, calling itself Network Endpoint Assessment. It has published a problem statement defining the working group's initial goals (it's a work in progress, like all IETF work), with the general plan to either unify existing protocols defined by other bodies or develop its own set of protocols where needed.

The IETF certainly has more history and cachet with network administrators as an open and vendor-neutral standards body, and while working group participants are largely engineers working for vendors, a consensus is usually arrived at that reflects the best thinking on protocols. Of course, this could all be moot. The working group is still forming, and even if it builds the standards documents, there is no telling if or when the vendors will commit to them.

About the Author

Mike Fratto

Former Network Computing Editor
