How to test drive NAC without busting the budget

But how should we define NAC? Is it merely an SSL VPN gateway with the ability to ensure that endpoint policies are enforced before devices are granted corporate network access? Or is NAC more of a comprehensive technology built into the fabric of the network? The answer often depends whom you talk to, so it's no wonder many organizations have yet to spend money on the technology. What security manager can justify investing in a technology when its role and benefits to the enterprise are unclear? In this tip, we'll suggest a few no-cost ways in which your organization can experiment with NAC technology in order to determine whether it can improve your enterprise's network security.

For more information: A panel discussing the potential of using network access control (NAC) says the technology may not be worth the price. Mike Chapple discusses what corporations should consider before implementing NAC. In this tip, learn if network access control acts as a compliance enabler or detractor.

Sign of the times
Recently, vendors have begun to release limited-feature NAC products for free in order to increase implementation numbers and clarify what NAC is once and for all. For example, earlier this year Cisco Systems Inc. announced that the Cisco Trust Agent (CTA) would become open source. Cisco later retracted its decision, but in September 2007, vendor StillSecure made a free derivative of its NAC product, Safe Access, available to the public. Safe Access Lite gives organizations the opportunity to experiment with NAC technology using a simplified implementation before deciding to integrate it into their networks. Similarly, the OpenSEA (Secure Edge Access) Alliance -- a recently created consortium featuring six leading network and security vendors, including TippingPoint and Symantec -- offers a free NAC client or 802.x supplicant for organizations interested in trying NAC technology.

The call for open source
Many organizations are turning to open source NAC products to subvert the cost of commercial NAC technologies. Packetfence, an open source NAC system, was developed by two Harvard University employees and coins itself with the tagline, "NAC for the rest of us." It's easy to implement and includes many of the same features offered by NAC vendors such as Cisco and Microsoft. Packetfence is vendor agnostic -- it doesn't require the use of specific vendor equipment -- and also includes a VMware virtual appliance called the Zero Effort NAC (ZEN), geared toward organizations that do not have in-house Linux technical expertise.

Due to comfort levels or just plain organizational policy, open source may not be the path for every organization, but it is one of several low- or no-cost options available to help determine if this technology should be a must-have in your environment. Regardless of whether your long-term NAC plans revolve around an open source implementation or an expensive commercial product, keep in mind that it may be wise to delay making a purchase. Demand for NAC products is expect to increase over time, and with demand comes competition, and with competition comes lower pricing.

About the author:
Peter Giannoulis, GSEC, GCIH, GCIA, GCFA, GCFW, CISSP, is an information security consultant for Access 2 Networks, a Toronto, Ontario based security consulting firm. He also serves as a technical director for GIAC.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Network Security Tactics Microsoft WIL: How to take control of data integrity levels Screencast: Penetration testing with Metasploit Microsoft PatchGuard: Locking down the kernel, or locking out security? How to lock down instant messaging in the enterprise Employee-owned handhelds: Security and network policy considerations Worst practices: Exposing IAM blunders Screencast: Nessus Phased NAC deployment for compliance and policy enforcement BitLocker: Windows data protection with whole-disk encryption? Screencast: Opening up the Network Security Toolkit Network Access Control Basics Forrester: NAC ready for wider deployments Quiz: Using NAC to create a strong endpoint security strategy Phased NAC deployment for compliance and policy enforcement What should an internal support model for identity management look like? Security Wire Weekly: Sizing up the NAC market Making the NAC decision: Open source vs. commercial network access control products Experts: NAC not dead, just immature FreeRADIUS: Acing a secure connection Is a 'self-defending network' possible? NAC switches, appliances help track users, malware RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Kerberos  (SearchSecurity.com) masquerade  (SearchSecurity.com) phreak  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.