Enterasys has upgraded the software in its Trusted Access Gateway and Sentinel Trusted Access Manager so that it can enforce network access control (NAC) on traffic arriving through non-Enterasys switches.

This is a major step forward for interoperability in the security industry: network managers can now dramatically improve network security even in a mixed-vendor environment.
Enterasys now has a compelling offering that competes both against best-of-breed point-solution providers of NAC devices and against large networking infrastructure vendors whose proprietary NAC solutions only function in a single-vendor environment.
NAC has become a hot topic in networking because it fundamentally changes how security is approached. The previous generation of security products tried either to prevent attackers from penetrating firewalls, or to identify suspicious traffic that had already found its way onto the network and block it.
"Older security technology does not typically prevent illegal access to the actual network, it largely only prevents illegal access to resources on it," explains Martin May, regional director of Enterasys Africa. "An analogy would be a shopping centre that had security guards patrolling around and big bars on the doors of shops, but does not stop people sneaking into the centre and rattling doors to see what's not properly locked."
In a NAC environment, the network infrastructure itself becomes part of the security: switches identify the devices that connect to them and grant network access only to those that authenticate successfully. Attackers have a much harder time probing servers or desktop computers for weaknesses because they never gain access to the network in the first place.
NAC can go further, restricting access for devices that try to connect without current antivirus or malware scans or the required security patches. It can also grant guest machines restricted access to only specified Internet ports.
Until now, the issue with NAC implementations has not been the authentication layer: systems normally use 802.1X to manage device authentication and RADIUS to verify credentials, both widely supported open standards. The problem was enforcement. A NAC solution had to communicate with each individual switch on the network to apply its decisions, and that communication was typically vendor-specific, so interoperability was limited to inflexible single-vendor solutions.
In Sentinel NAC Solution 1.1, Enterasys has added the ability to use standards-based SNMP controls to block the ports where devices fail authentication, extending NAC enforcement to any SNMP-managed switch. The Sentinel NAC solution can also use 802.1Q virtual LAN tags to quarantine traffic where necessary.
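To make the enforcement path concrete, here is an added example in Python (not Enterasys code, and not taken from the article) that encodes an SNMPv2c SetRequest against IF-MIB::ifAdminStatus, the standard object a NAC manager would write to shut a port, and maps the authentication and posture results described above onto the enforcement actions the article lists. The OID 1.3.6.1.2.1.2.2.1.7 and the value down(2) are real IF-MIB definitions; the community string, the ifIndex, the policy function and the VLAN names are constructed for illustration, and the article says nothing about how Enterasys's own product makes these decisions.

```python
"""Minimal SNMPv2c SetRequest encoder plus the NAC enforcement decision it serves.

Added example, not Enterasys code. Only IF-MIB::ifAdminStatus and its value
down(2) are real definitions; the policy mapping, community string and
sample ifIndex values are constructed for illustration.
"""
import socket

IF_ADMIN_STATUS = "1.3.6.1.2.1.2.2.1.7"   # IF-MIB::ifAdminStatus, indexed by ifIndex
ADMIN_DOWN = 2                            # ifAdminStatus down(2): administratively shut the port


def ber_len(n):
    """BER length octets: short form below 128, long form (0x8N + N bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_int(v):
    """BER INTEGER (tag 0x02): minimal two's-complement body."""
    length = 1
    while not -(1 << (8 * length - 1)) <= v < (1 << (8 * length - 1)):
        length += 1
    body = v.to_bytes(length, "big", signed=True)
    return b"\x02" + ber_len(len(body)) + body


def ber_octets(data):
    """BER OCTET STRING (tag 0x04), used for the community string."""
    return b"\x04" + ber_len(len(data)) + data


def ber_oid(dotted):
    """BER OBJECT IDENTIFIER (tag 0x06): first two arcs packed as 40*a+b, rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))   # continuation bit on all but the last octet
            arc >>= 7
        body.extend(reversed(chunk))
    return b"\x06" + ber_len(len(body)) + bytes(body)


def ber_constructed(tag, *parts):
    """SEQUENCE (0x30) or context-tagged PDU wrapper around already-encoded parts."""
    payload = b"".join(parts)
    return bytes([tag]) + ber_len(len(payload)) + payload


def build_set_request(community, oid, value, request_id=1):
    """SNMPv2c message carrying a SetRequest-PDU (context tag 3 -> 0xA3) with one INTEGER varbind."""
    varbind = ber_constructed(0x30, ber_oid(oid), ber_int(value))
    pdu = ber_constructed(0xA3, ber_int(request_id), ber_int(0), ber_int(0),   # request-id, error-status, error-index
                          ber_constructed(0x30, varbind))
    return ber_constructed(0x30, ber_int(1), ber_octets(community.encode()), pdu)  # version 1 == SNMPv2c


def port_shutdown_message(community, if_index):
    """The SET a NAC manager sends to block the port of a device that failed authentication."""
    return build_set_request(community, f"{IF_ADMIN_STATUS}.{if_index}", ADMIN_DOWN)


def decide_enforcement(authenticated, posture_ok, guest=False):
    """Constructed policy: map NAC results onto the enforcement actions the article describes."""
    if not authenticated:
        return ("block_port", None)             # SNMP ifAdminStatus down(2)
    if guest:
        return ("assign_vlan", "guest")         # restricted 802.1Q VLAN
    if not posture_ok:
        return ("assign_vlan", "quarantine")    # missing AV/patches: quarantine VLAN
    return ("assign_vlan", "production")


def send_set(message, switch_ip, port=161, timeout=2.0):
    """Transmit the SetRequest over UDP/161 and return the raw response (not used offline)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(message, (switch_ip, port))
        return s.recv(4096)


if __name__ == "__main__":
    # Constructed scenario: the device on ifIndex 12 failed 802.1X, so the port is shut.
    action, vlan = decide_enforcement(authenticated=False, posture_ok=False)
    if action == "block_port":
        print(port_shutdown_message("private", 12).hex())
```

Two practitioner caveats. An SNMPv2c community string travels in cleartext, and a write community that can shut ports is a high-value credential, so in a real deployment the SET should go over SNMPv3 with authentication and privacy, and the switch should accept write requests only from the NAC manager's address. The VLAN branches are left as labels because on an 802.1X-capable switch the VLAN is normally delivered in the RADIUS Access-Accept; the SNMP port shutdown is the fallback that works on any managed switch, which is the point of the article.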
Without multivendor NAC support for every switch in the network fabric, robust security is not achievable, because the security chain is only as strong as its weakest link: a single switch outside the NAC's control is an unauthenticated way onto the network. The only other option is a closed, proprietary solution that restricts choice and prevents network managers from choosing a best-of-breed device for a particular implementation.
"Virus, malware and malicious attacks are changing and metamorphosing by the day. Network managers cannot rely on firewalls and scanners alone to prevent security breaches. NAC gives network managers the ability to prevent malicious activity at source," says May.
The core benefits of Enterasys NAC Solution are:
* Consolidates security across heterogeneous networks. Provides authentication and assessment functions for Microsoft Windows, Linux, Solaris, AIX, Mac OS, FreeBSD and other operating systems, delivering significant cost reductions.
* Ensures compliance with an organisation's best practices. All users must meet a common level of security, increasing control over the network with greater operational efficiency.
* Provides context on which devices are on the network. Determines the needs and threats associated with each device, from servers and printers to IP phones and surveillance cameras.
* Consolidates vulnerability information for devices and end users into a single platform that works in an integrated fashion with the network infrastructure, for greater operational efficiency.
Enterasys Sentinel enables full user mobility while protecting against unauthorised users, viruses and other security threats on the network by means of agent-less end-system assessment. This complements the existing agent-based assessment solution from Enterasys, which is ideal for environments where vulnerability assessment agents can readily be deployed on end systems. Agent-less assessment is becoming more important with the spread of network-connected but hard-to-manage devices such as mobile phones, RFID systems and PDAs.