This article can also be found in the Premium Editorial Download "Information Security magazine: Security Readers' Choice Awards 2008."
Pre- and post-connect network access control
Cisco NAC Appliance
Cisco, along with Microsoft, essentially defined the network access control (NAC) market several years ago with the introduction of its Network Admission Control architecture. Since then the market has become overpopulated with smaller appliance and software vendors, but our readers put Cisco's NAC Appliance head and shoulders above the competition.
Formerly known as Clean Access, the NAC Appliance is designed to be the first point of contact for users entering a corporate network, and enables administrators to authenticate and authorize users and enforce organizational security policies before network access is granted. The system enables the enforcement of a number of different policies, depending on device type, user and role. Machines that are out of compliance can be directed to remediation servers for delivery of patches and other updates.
The NAC Appliance scored highly in virtually every category in our readers' assessment, but was especially strong in its ability to integrate with customers' existing infrastructures and its scalability. Readers also praised the appliance's variety of enforcement options and gave Cisco high marks for its service and support.
NOTABLE: Cisco's flexible deployment model enables customers to deploy the NAC Appliance at either Layer 2 or Layer 3.
Juniper Unified Access Control (with Infranet Controller Appliances)
Juniper, like Cisco, is a hardware company through and through and, as such, has used its expertise in building enterprise-class routers and switches to develop a line of high-performance NAC appliances.
The Unified Access Control boxes, combined with the company's Infranet Controller Appliances, finished second in this category.
The UAC appliances are designed for organizations from small businesses all the way up through large global enterprises, and include feature sets designed to meet the disparate needs of these companies. Like other NAC appliances, the UAC system includes an agent that sits on the endpoint, collects user credentials and assesses the security posture of the machine. The agent can be installed dynamically as unknown machines attempt to connect to the network, and administrators can enforce policy at a number of different points in the network, including any 802.1X-enabled switch.
Readers gave the UAC appliances strong ratings for their range of policy checks, integration with existing infrastructures and scalability.
NOTABLE: Juniper UAC can be deployed in an agentless configuration for Linux, Solaris or Mac OS X environments.
This was first published in April 2008