Who is on your Network?

Submitted by jasonslater on Thursday, 3 May 2007

Who is on your LAN? Right now - do you know? How about your WAN? I’ll hold my hands up and tell you that I have no idea. The question isn’t as straightforward as it should be.

There are ways I can ‘kinda’ find out. For instance, I can check who is connected into terminal services, who is on our AIX machine, who has been assigned a DHCP address, what VPN connections we have and who last visited our website. I can even tell you who our firewall rejected a few minutes ago.

What I couldn’t do, however, is pull up a list of all network devices, by say MAC address, and find out exactly what protocols they are using right now, be it HTTP, FTP, TELNET, etc. Yes, I could run Ethereal and capture traffic going into and out of the host PC, but I couldn’t do this LAN-wide (because of segmentation) or WAN-wide (because of routing).

In fact, most of the information I could find out is after the fact. That is, the network device was on the network and communicating at some point. But what would be useful is to know up front, and ensure that the device was a) allowed to be on the network in the first place and b) safe enough to be allowed on the network.
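
As an added example (not from the original post), the Python below builds the per-MAC protocol list described above from flow records and flags devices that are not on an approved list. The record format, `APPROVED_MACS` and the sample lines are constructed assumptions; the records would have to be collected on each segment, since source MAC addresses do not survive routing.

```python
from collections import defaultdict

# Well-known server ports for the protocols the post names (IANA assignments).
PORT_NAMES = {20: "FTP-DATA", 21: "FTP", 23: "TELNET", 80: "HTTP", 443: "HTTPS"}

# Hypothetical allowlist of MAC addresses the business has approved.
APPROVED_MACS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}

# Constructed sample records: "timestamp src_mac src_ip dst_ip proto dst_port"
SAMPLE_FLOWS = """\
2007-05-03T09:00:01 00:11:22:33:44:55 10.0.0.5 10.0.1.9 tcp 80
2007-05-03T09:00:02 00-11-22-33-44-66 10.0.0.6 10.0.1.9 tcp 21
2007-05-03T09:00:04 00:AA:BB:CC:DD:EE 10.0.0.77 10.0.1.9 tcp 23
2007-05-03T09:00:05 00:aa:bb:cc:dd:ee 10.0.0.77 10.0.1.3 tcp 8080
malformed line
"""

def normalise_mac(raw):
    """Lower-case, colon-separated form so one device is not counted twice."""
    digits = raw.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def inventory(flow_text, approved=APPROVED_MACS):
    """Return {mac: {"protocols": set, "ips": set, "approved": bool}}."""
    devices = defaultdict(lambda: {"protocols": set(), "ips": set(), "approved": False})
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip records that do not match the assumed format
        _, mac, src_ip, _, proto, port = fields
        try:
            mac, port = normalise_mac(mac), int(port)
        except ValueError:
            continue  # unparseable MAC or port: ignore the record
        entry = devices[mac]
        entry["ips"].add(src_ip)
        entry["protocols"].add(PORT_NAMES.get(port, f"{proto}/{port}"))
        entry["approved"] = mac in approved
    return dict(devices)

def unapproved(devices):
    """MACs seen on the wire that are not on the allowlist, sorted."""
    return sorted(mac for mac, d in devices.items() if not d["approved"])

if __name__ == "__main__":
    for mac, d in sorted(inventory(SAMPLE_FLOWS).items()):
        print(mac, "approved" if d["approved"] else "UNKNOWN", sorted(d["protocols"]))
```

A MAC address is a value the device reports about itself, so this gives an inventory of what has been seen rather than proof of identity.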

There are some products that when you hear about them you want straight away, like Office 2007. Others you might dismiss straight away. However, there are some, and Cisco’s NAC is one such product, that need time to simmer, and that’s what happened to me with this product. It was only driving back from a recent seminar that I realised that the problem I face, described above, is something that Cisco’s NAC (Network Admission Control) technology is trying to address.

Any network device that attempts to connect to the network is checked to ensure it conforms to the business security policy (with support from over 75 industry vendors), including anti-virus and other protection systems. Remember, this is anywhere on the network, and in Cisco’s own words it “Assesses all endpoints across all access methods, including LAN, wireless connectivity, remote access, and WAN”.

Some information I’ve been able to glean regarding the NAC in operation is that it will:
  • Challenge all users (at log-on) upon any attempt to access the network
  • Authenticate nodes by MAC (linking to user accounts)
  • Check compliance on all nodes, including devices such as printers
  • Restrict device traffic until the node is authorised
  • Proxy all types of user authentication
  • Scan the network to verify security compliance

An interesting product? I should say so. For an SME? Well, the Cisco site tells us it’s for large enterprises; however, at the seminar we were told that Cisco is starting to embrace the SME and make their products, including this one, far more reachable for the likes of us. I hope so, because at this moment in time (May 3rd 2007) the price of the NAC on Insight is just shy of £4k, and that doesn’t mention any client licensing requirements, which I assume are required.

More information from Cisco is here.
