Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Rolling Review Kickoff: Host-Based NAC

In Hollywood, the killer mutant virus always kicks mankind's butt. For security pros, this is one area where life too often imitates art--a single infected laptop can make for a very long night. While the Storm worm made headlines, its main propagation method is through user action. That's defensible. It's automated worms such as SQL Slammer and Code Red that are likely to do far more damage when they get into your network, because they can infect any vulnerable computer without end user intervention.

Welcome to the final chapter in our ongoing series of NAC Rolling Reviews. We've covered in-band and out-of-band network access control systems, and now we turn to host-based NAC, which aims to solve problems such as malware propagation and unauthorized access by adding agents to hosts and controlling access from the source of the problem, rather than in the network or at a perimeter.

InformationWeek Reports
chart: Name Your Price: To deploy and support NAC, I would be willing to ...

We've invited 11 vendors to show us their stuff. Most tout simple-to-install agents that augment or replace existing security tools. What's more, there are no network changes involved. No recabling. Fewer choke points and single points of failure. No creating virtual LANs, subnets, DHCP scopes, or 802.1X. That benefit alone will make host-based NAC palatable to companies that just don't want to mess with their network topologies.

Our most recent NAC trend survey showed host-based NAC on par with out-of-band, both at 48%, when we asked what changes readers would be willing to make to their networks. In-band is still the NAC architecture of choice, at 56%. We also asked about types of activity that require access control. The top three answers: access to the data center (49%), remote access (39%), and branch office access to company resources (37%). This shows that our readers want internal access control and that they have operational power over endpoints--a critical requirement for host-based NAC. Companies for which controlling guest access is crucial should look to another strategy, because installing a permanent agent on an unmanaged node is an iffy proposition at best.

  • 1