July 01, 2008
£6,595 for NAC Director; £5,295 for NAC Director GCS
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: A feature set that can do just about anything
- Weaknesses: The price may be prohibitive in the SME market, which would benefit most from this offering
- Verdict: Start here before trying other NAC products
The list of features in the NAC Director is far longer than this review allows for. For a start, the list of supported clients is extensive, including Windows from 98 to Vista. There is even a Mac client that operates on versions 10.4 and 10.5 of Mac OS. When it comes to non-standard images, Bradford uses a dissolvable client that lasts as long as the browser is open and is removed from the system when the connection is idle.
For systems that have an agent installed on top of the operating system, NAC can both push (send updates to the client) and pull (have the client request updates etc.). The most secure NAC implementation with this suite is to use 802.1x with extensible authentication protocol, which requires the use of a Radius, LDAP or Diameter server.
With the Bradford NAC device in place, the 802.1x traffic is further protected by the encryption between the NAC device and the Radius authentication server. This 802.1x network access control allows only data-link authentication packets on the outside of the connection and encrypted packets to protect the communication on the inside (LAN Side).
The NAC Director can store logs on the primary server, but they can also be sent to a syslog or SNMP manager to alert administrators of unusual events. The Bradford NAC Director has additional controls built in to protect from rogue access points or unauthorised wired access. It will alert the administrators that a port in a switch has been enabled after several months of inactivity. SNMP sweeps of the local area networks, performed by the NAC device, allow administrators to identify a new system on the network and check out whether the device is a WAP.
The installation was a breeze and the device was running well inside of a half hour. This includes the time to test a XP, Vista, and Mac machine.
The documentation comes on a CD, but the system is so easy to configure that we never had to open the manual.
Support is offered via phone, email and a website. Regular phone support costs 18 per cent of the purchase price, while premium support is 27 per cent
The pricing for the Bradford appliance is among the highest tested in the group.
SC Webcasts UK
Sign up to our newsletters
SC Magazine UK Articles
- McAfee Labs quarterly report reviews five-year threat retrospective
- BitTorrent moves to patch reflective DDoS attack flaw
- Recovering from virtual breaches is doubly expensive for businesses
- Symantec identifies 49 new modules associated with Regin
- ICYMI: Adblock threatens OSX; Thomson customers exposed; AM leaker 'a woman'; AM police call on white hat help; Malaysia cyber alert