What's New on SAC?  (August 2007)

Our New Security Blog Appears August 5.

Check out the initial posts on the Secure Access Central blog and submit your comments. New ones will be made weekly so either bookmark or subscribe to our blog.

• "NAC is not secure enough says expert (?)"
• "A Pragmatic Way to Classify NAC Products"
• "Which NAC Are You Talking About?"

Network World NAC Product Tests & Scorecard

This review ("NAC alternatives hit the mark") of 13 NAC products was published a week ago. The top-rated vendors will cheer the results; the rest will challenge, discount and refute them. We will post our opinion about this review in our blog later this week.

NIST Publishes Draft Guide to SSL VPNs

This DRAFT special publication (SP 800-113) "seeks to assist organizations in understanding Secure Sockets Layer (SSL) Virtual Private Network (VPN) technologies. The publication also makes recommendations for designing, implementing, configuring, securing, monitoring, and maintaining SSL VPN solutions. SP 800-113 provides a phased approach to SSL VPN planning and implementation that can help in achieving successful SSL VPN deployments. It also includes a comparison with other similar technologies such as IPsec VPNs and other VPN solutions." We encourage you to read it and comment before their September 27, 2007 deadline.

NAC Product Spotlight: Array Networks

Each month Secure Access Central puts a spotlight on a few NAC products from our NAC Product Selection Guide, the industry's most comprehensive and current analysis of NAC products. The full report can be downloaded by registered members of our user community at any time and is free. Our first product in the spotlight is the Array Networks SPX Universal Access Controller.  We will include a post in our blog so you can submit constructive comments about the Array product.

Security Blog Highlights: NAC Posts

• Internal security weakness: the case for NAC (James Heary - Cisco)

  This post "attempts to answer (albeit at a high level) the question “Why is deploying NAC vital to protecting your organization?” With today's security challenges and threats growing more sophisticated, perimeter defense alone is no longer sufficient. Organizations need to have internal security that are more comprehensive, pervasive, and tightly integrated than in the past."

• Network control not secure enough says expert (Kurt Roemer - Citrix)

  Another example of someone "dissing" NAC after defining it solely as "NAC is essentially about management of network connectivity, a series of go, no go decisions based on whether someone should get access to a network or not, depending on factors such as their location, if they are accessing from a managed or unmanaged device, or their clearance level in a company". Go to the Secure Access Central blog for a link to this post and our comments about it.

• Top 9 things any NAC solution must do and do well (James Heary - Cisco)

  "When evaluating any NAC solution you first need to figure out what features and functions are most important for your environment. I (James) have created this list of the top things that any NAC solution must do and do well to help you in that end." James invite you to submit your own ideas.