- 12 myths about how the Internet works
- Smartphone smackdown: Storm vs. iPhone
- IETF: Should we ignore the Kaminsky bug?
- Top 10 wicked cool algorithms
- How to recession-proof yourself
Senior Editor Tim Greene clarifies issues surrounding the evolving NAC security architecture.
Symantec is coming out with a new on-demand NAC client to go with its NAC appliance that brings features of the client more in line with the company's permanent NAC client. (Compare NAC products)
Like the full-time agent, the new on-demand agent supports 802.1x authentication, enabling out-of-band enforcement of NAC policies.
The new agent allows guests to do Web login where their machines are diverted to a guest virtual LAN (VLAN) when they attach to the network, and then see a Web portal page where they can be asked to log in.
A agent is pushed to the guest machine as an Active X, Java or Mozilla plug in. The agent can also be sent to the machine as a .exe file. Once authenticated, the machine is assigned to the appropriate VLAN as determined by an on-board policy store in the Symantec appliance or by an LDAP directory.
The on-demand agent supports scans for antivirus software (Compare antivirus products) being turned on, registry checks and the like. The new agent is available for both Windows and McIntosh machines, but the Windows version has the ability to scan endpoints for more posture checks than the McIntosh version.
The agent can trigger automatic remediation of machines that flunk NAC scans, but that is an unlikely scenario, Symantec says. Guest machines managed by another firm would likely be unavailable for another company to tinker with.
When users log off, the agents dissolve from the host machine.
New software for Symantec’s NAC appliance supports VLAN trunking, so if, for example, one of the boxes is fed by a VPN concentrator that is passing through traffic for more than one VLAN, a single Symantec appliance can handle it. Before, each VLAN would require its own appliance.
Tim Greene is senior editor at Network World.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (5)
The Symantec dissolvable agent has been around for years...By Anonymous on August 8, 2008, 11:14 amThe Symantec dissolvable agent has been around for years. Anyone who knows the NAC landscape is familiar with a company called Sygate. What has changed is the means...
Reply | Read entire comment
On demand agent to do 802.1x?By Anonymous on August 4, 2008, 2:27 pmHmmm, what came first the chicken or the egg?
Reply | Read entire comment
Great product By Anonymous on July 29, 2008, 10:25 amIt's great product .
Reply | Read entire comment
Are you kidding?By Anonymous on July 29, 2008, 9:40 amSymantec creates a dissolvable agent and you write an article about it. Kudos. I can't wait until they invent VLANs or DHCP. That story will be off the charts....
Reply | Read entire comment
NAC on-demand = dissolvable agentBy Anonymous on July 29, 2008, 9:33 amGreat article Tim. Symantec has developed a dissolvable agent only a couple of years after every otehr NAC vendor did it. This is the type of ground-breaking story...
Reply | Read entire comment
View all comments