Cisco Updates Network Security Technology

* * Beatles-Beatles writes to tell us that Cisco has announced an enhanced version of its Network Admission Control (NAC) technology. From the article: "Under its NAC initiative, Cisco is developing a range of tools that let companies permit, deny, quarantine or restrict admission to networks based on an end user's security status."

You are looking at Trusted Computing.

[tepples]

This Cisco technology is implemented in terms of Trusted Network Connect, a specification published by the Trusted Computing Group. Alsee explains how and why major residential ISPs will eventually use it to condition customers' Internet access on acceptance of Trusted Computing measures.

NAC sucks

We've tried to deploy NAC locally. It's hell to configure the "CTA" (i.e. magic software that runs only on Windows). It's hell to configure the switches (docs? Like they help...) It's hell to configure Cisco ACS (does Cisco even *use* that PoS?)

NAC is great in theory, but it's Windows-only, it requires extra software on Windows boxes, it requires all of your switches to be NAC aware, and it requires a NAC aware authenticator.

Can you say "not going to happen"?

If someone else comes out with something similar that can be used in the real world, like 802.1x supplicants with a bit more smarts, it will deployed so fast that Cisco's NAC will be a sad memory.

NAC: Good in theory. Cisco "gets" routers. They don't "get" network administration.