Symantec NAC 11.0
July 01, 2008
£6,518, including Symantec Network Access Control Starter Edition 11.0, 1 Symantec NAC Enforcer Appliance, and 1 year of Essential Support Services
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: 802.1x compliant, so no extra authentication servers needed
- Weaknesses: Difficult install relies on Symantec's professional services
- Verdict: An acceptable offering that is complex to implement and manage, but it delivers the features advertised
The offering from Symantec is much larger than the scope of this review. NAC 11.0 has additional functionality such as desktop enforcement through client-installed firewall/agents.
A LAN enforcer, configured to work with a Radius, Diameter or LDAP server, forwards the user information it receives from the 802.1x supplicant to the Radius server for authentication and does not grant access to a client that fails the user-level authentication.
There are three types of enforcer appliances: gateway, DHCP and LAN enforcers. The Symantec Enforcer is a component that works together with the Symantec Policy Manager and Symantec Agents to protect the enterprise network. Enforcers are responsible for many tasks. It is generally more convenient to administer them all in one centralised location. The Policy Manager provides this capability.
Symantec Agents can be configured to run host integrity checks at various times. This ensures that the user has not disabled the local firewall or anti-virus, or performed any other action that would cause the device to be moved into a quarantine area, which will only allow users to access the internet for the purpose of bringing back the client, through HI, to the regular LAN segment.
When a client tries to connect to the network, the Symantec Agent runs a host integrity check. It then sends the results to the enforcer. If the client passes, it gains access to the network.
The installation is so complex that Symantec usually sends a professional service technician to complete the initial install.
Limited documentation for the product is available online. We were unable to locate any additional documentation, which would have been handy to have.
The first year of support, which is included, is available 24/7. Additional phone, email and website access are available after the first year.
The pricing for the NAC 11.0 appliance starts at £6,518, which includes Symantec Network Access Control Starter Edition 11.0, a Symantec NAC Enforcer Appliance and a year of essential support. This makes the NAC 11.0 average value for money.
SC Webcasts UK
Senior Accreditor, Security Risk and Assurance Manager
Disclosure & Barring Service - Liverpool, Merseyside
DV Cleared Systems Architect - 6 Months - London
Computerfutures - London (North), London (Greater)
CISO – Chief Information Security Officer (Up to £100K)
Evolution Recruitment - London (North), London (Greater)
Head of Security Strategy – London
Evolution Recruitment - London (West), London (Greater)
Information Security Manager
Infosec People - Hammersmith, West London
Sign up to our newsletters
SC Magazine UK Articles
- It's a trap! WhatsApp Gold 'premium' version lures users to malware
- SC Awards Europe 2016 winners announcements!
- Microsoft ends common password use and password lockout
- ISIS radicalises 'lone wolves' through strong social media presence
- 1.5 billion Windows computers potentially affected by unpatched 0-day exploit
- CYBERSEC 2016: Can you enforce international cooperation on cyber-security?
- Linux.Mirai Trojan causing mayhem with DDoS attacks
- Is Microsoft exposing the supply chain by hardening the enterprise Edge?
- Russians suspected of cyber-campaign against journalism site
- New NATO report claims China's cyber-space influence continues to grow