« How long until Security 3.0 | Main | See you at RSA »

November 14, 2006

Juniper NAC 2.0 - Damned if you do, damned if you don't

Juniper has announced the launch of its Unified Access Control 2.0. UAC 2.0 combines elements of Juniper's UAC 1.0 which worked through their Netscreen IDPs and firewalls to block unauthorized users, as well as routers with the Funk Software supplicant and Steel belted Radius server.  The cool thing about UAC 2.0 is that it is TCG/TNC compliant (it should be, with the Funk people having been so instrumental is setting the TNC standard).  In doing so Juniper is taking a bold step in saying that their NAC solution is going to support an open, interoperable standard.  Cisco's NAC is interoperable, as long as your interoperate on Cisco gear.  Microsoft has talked about supporting interoperable standards, but whether they will and if so when they will support TCG is another story (stay tuned for a StillSecure, After all these years podcast the week of Thanksgiving to find out some clues from our special Microsoft guest on this).  However, Juniper has put their product out in the market. 

So what is the pay off for this? Well Dark Reading in reporting the story seems to have more negative opinions that positive on this.  They say that while TNC proponents and Cisco competitors offered support for Junipers direction, others were less than enthusiastic.  They point to two analysts (one of which is Andrew Braunberg from Current Analysis and a StillSecure, After all these years podcast guest, episode #20) who say the jury is still out on TCG/TNC.  I think Juniper would have been dinged if they did not support an open standard like TCG and now are getting dinged for supporting it.  In the meantime, I think some people are wrong about how far along the TCG/TNC standard is.  I think it will take some exciting news of major vendors supporting TCG to drive this point home (there are already some major companies behind it).  I have no doubt that this support will be forthcoming soon.  Juniper is doing the right thing by pushing TCG open interoperable standards.

Of course Junipers solution, still depends on agent based NAC and 802.1x capable networks, which means it may not be a feasible solution for everyone.  That is why I always say that a great NAC solution today needs flexibility to accommodate your network topography today and tomorrow.  Also, not sure it is a typo but 15,000 dollars for 100 users seems pretty steep to me!

Posted at 04:01 PM in NAC |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451e4d369e200d83431ecbd53ef

Listed below are links to weblogs that reference Juniper NAC 2.0 - Damned if you do, damned if you don't:

» The Daily Incite - November 15, 2006 from Security Incite: Analysis on Information Security
November 15, 2006 - #157 Good Morning: Howdy hump day. A rainy Wednesday here in ATL and I can feel the calluses starting to thicken on my fingers as I continue to crank away at writing the book. News has definitely slowed down a bit heading into ne [Read More]

Tracked on Nov 15, 2006 10:16:43 AM

Comments

My Photo

Subscribe to my blog

Enter your email address:

Delivered by FeedBurner

Lijit Search

Blog Networks

Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 2.5 License.

Search

Lijit Search

Attend a Computer Forensics Boot Camp to better your skills and become a better worker

Categories

Track my blog stats

Blog powered by TypePad
Member since 10/2005

About