Experts Say Dump The NAC Word
Network access control is a useless marketing buzzword; users and vendors should just get on with security management, experts have said.
As well as diversity in the devices and services it has to cover, NAC is torpedoed by the variety of user needs, said Prince: “It means different things to different verticals.” While a University will only care about pre-admission controls, and let users do more or less what they want once on the system, a bank will need to know everything that happens on the network.
And the idea of a separate NAC function came in for criticism: “I struggle with the idea of standalone NAC,” said Gold. “it needs to be part of the network.” Eldridge agreed: “You will never see a NAC box: it’s got to be integrated.”
Despite this, there’s a place in smaller businesses for appliances which combine several security functions, the vendors (both makers of security appliances) agreed.
Even with this gloom, the companies agreed that there is progress in security management. Systems are being made simpler, said Prince, and machine-to-machine communications are allowing systems to work more powerfully, said Eldridge.
For this sort of security-in-depth, networked devices must work together, and that needs standards, the vendors agreed: “We’ve started to develop the protocol,” said Eldridge.
One fundamental issue is identity management, and panelists criticised Cisco for not joining the ID management group quickly, making it harder to define a standard – although Guldentopps said there are good standards there, such as the LDAP directory access protocol.
Whether the full NAC vision is practical, security systems will have to get better at trapping insecure behaviour. “It’s the only way to catch zero day threats,” said Gold. “Signature files won’t do it, you need to use behaviour .”
And even without absolute security, the products on the market can be customised into a more closed configuration, said Guldentopps.
But it won’t happen if users are waiting for a panacea: “Let’s kill the term NAC,” said Moy. “It has been confusing since day one. It never was a coherent idea. Let’s Start talking about security management.
“Yet people are out there saying 2009 will be the year of NAC,” said Guldentopps.” Analysts say the darnedest things.”