[ news_security_news ]
Arkin: NAC Full Of Holes
Chris Crum
Staff Writer
2006-08-03
 Insider Reports RSS Feed
Ofir Arkin of Insightix blew the horn on NAC (Network access control) technology at the Black Hat Conference in Las Vegas today.
NAC is widely regarded as a must-have for corporate security, but Arkin says there is a lot of room for improvement in the technology, which is "full of holes". According to InformationWeek, NAC technology should include all of the following abilities:
- detect devices trying to connect to the network;
- authenticate the identity of the device's user;
- check whether the device has the proper level of antivirus protection and software patches to comply with corporate security policy;
- enforce corporate policy by sending the device to a network quarantine for remediation;
- and provide continuous monitoring for security problems once the device is connected.
However, there is no NAC provider currently that offers each of these abilities.
"It's inherently going to be found that there are weaknesses. But I think that's the wrong thing to focus on. We want to address the weaknesses but focus on the benefits," ComputerWorld quotes Cisco Chief Security Officer John Stewart as saying when asked about Arkin's presentation.
Cisco is one of the big-name providers of NAC.
 Yahoo! My Web |  Furl
Bookmark WebProNews: 
About the Author:
Chris Crum is a staff writer for SecurityProNews and WebProNews.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
