Symantec NAC 11.0
July 01, 2008
£6,518, including Symantec Network Access Control Starter Edition 11.0, 1 Symantec NAC Enforcer Appliance, and 1 year of Essential Support Services
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: 802.1x compliant, so no extra authentication servers needed
- Weaknesses: Difficult install relies on Symantec's professional services
- Verdict: An acceptable offering that is complex to implement and manage, but it delivers the features advertised
The offering from Symantec is much larger than the scope of this review. NAC 11.0 has additional functionality such as desktop enforcement through client-installed firewall/agents.
A LAN enforcer, configured to work with a Radius, Diameter or LDAP server, forwards the user information it receives from the 802.1x supplicant to the Radius server for authentication and does not grant access to a client that fails the user-level authentication.
There are three types of enforcer appliances: gateway, DHCP and LAN enforcers. The Symantec Enforcer is a component that works together with the Symantec Policy Manager and Symantec Agents to protect the enterprise network. Enforcers are responsible for many tasks. It is generally more convenient to administer them all in one centralised location. The Policy Manager provides this capability.
Symantec Agents can be configured to run host integrity checks at various times. This ensures that the user has not disabled the local firewall or anti-virus, or performed any other action that would cause the device to be moved into a quarantine area, which will only allow users to access the internet for the purpose of bringing back the client, through HI, to the regular LAN segment.
When a client tries to connect to the network, the Symantec Agent runs a host integrity check. It then sends the results to the enforcer. If the client passes, it gains access to the network.
The installation is so complex that Symantec usually sends a professional service technician to complete the initial install.
Limited documentation for the product is available online. We were unable to locate any additional documentation, which would have been handy to have.
The first year of support, which is included, is available 24/7. Additional phone, email and website access are available after the first year.
The pricing for the NAC 11.0 appliance starts at £6,518, which includes Symantec Network Access Control Starter Edition 11.0, a Symantec NAC Enforcer Appliance and a year of essential support. This makes the NAC 11.0 average value for money.
SC Webcasts UK
Sign up to our newsletters
SC Magazine UK Articles
- Social engineering: hacker tricks that make recipients click
- Security researcher blasts United Airlines' bug bounty programme
- Video: Young and gifted codebreakers compete in cyber-security masterclass final
- Five last minute retail risk mitigations for Black Friday weekend
- Anonymous' Twitter war hits stumbling block
- ISSE Berlin: Germany to promote 'digital sovereignty'
- Purchasing cyber-insurance without a proven security system will leave businesses out of pocket
- Sophisticated Apple Phishing Email making the rounds
- ISSE Berlin: Safe Harbour II initial agreement expected
- 2015 worst year in history for Mac malware
- ICYMI: Madison extortion, Cyber-sec challenge, United bug-bounty, French intelligence, and Anonymous/ISIS spat
- Magspoof: the device that can spoof Amex cards
- Plusnet still giving out plaintext passwords
- Win32/CompromisedCert.D is now certifiably Dell-stroyed
- CryptoWall 4.0 now deploying through the Nuke EK