The Month: Debate - Is it enough to implement network access


YES: ANTON GRASHION, security strategist, EMEA, Juniper Networks


It depends on how you define network access control (NAC). Plain NAC did not encompass the full role-based security system users and enterprises require to balance security with a productive, intelligent network. Working up from the TCG-TNC definitions, the technology to coordinate each user's role, endpoint device and location-based policies to create a dynamic access control system is available today.

Unified access control (UAC) is not simply port-based authentication or end-point legality checking. It goes much further by restricting the assets a particular user can access and provides policy coordination with security appliances such as firewalls to deliver NAC over existing infrastructure.

However, it would be unwise for any vendor to say that NAC is enough to create the perfect LAN security system. It is a predator-prey relationship.

An enterprise network presents a target and an opportunity to malicious misuse at all times. Security has to keep evolving to protect against that threat.

NO: JEFF PRINCE, chairman and CTO, ConSentry Networks

Network access control is a key step in securing a local area network (LAN). It ensures that only the right people have access and it can prevent such threats as a guest unleashing a worm.

But NAC fails as a total security method, because it does not allow you to control where users can go or what they can do once they're on the LAN. This kind of post-admission control is vital to protect a network.

IT must be able to restrict access to applications, file servers and so forth. Engineering staff, for example, should not have access to finance records. And IT needs these capabilities to be updated, as users' access rights can change.

IT also needs tools that block other vulnerable sources, denying the use of non-business applications or stopping applications that spawn hundreds of connections, for example.

So beyond the simple authentication and posture check of NAC, IT needs visibility, user access control and threat control. The ultimate goal is to tie access rights to each end user, enabling role-based provisioning and using NAC as just a part of overall LAN security.

