Testing NAC Solutions

Recently we read about some NAC product comparisons performed by various magazines. The one thing that I find the most interesting is the test criteria and the parameters, which are being used in order to perform the comparisons and tests.

For example, one magazine just checked that NAC solutions can perform user authentication against Microsoft Active Directory, and Radius servers, and that they are able to provide with host-based checks and remediation.

What was the testing environment? One new Cisco switch capable of doing 802.1x, 2x VLANs were defined, about five managed Windows XP SP2 machines were used and a patch management server.

What is wrong with this picture? Well, first of all this cannot mimic a true network setup. And in a true network setup there are a lot of parameters you must include in the equation when you enroll a NAC solution. The second issue I find is even more problematic. The parameters, which were used to test the NAC solution, are simply, in my mind, the wrong parameters to check for.

I have written about this in the past when I have discussed parameters to add to a NAC RFI/RFP. Where is the check for proper element detection? Where are the questions in regards to how Quarantine is being done? Or how enforcement is performed? Three simple questions that opens a Pandora box.

If I were you, I would do my home work and verify that a comparison NAC test I read about was done in an appropriate manner, and that the parameters and tests it went through makes sense for NAC…

Advertisements

Tags: ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: