DHCP NAC enforcement done right - knock no more on NAC
For some time now, the knock on DHCP based NAC was that it was too easily bypassed by static IPs or spoofed IPs. I have written about this in the past multiple times and it is no secret. My view has been that DHCP is far from a perfect way of doing NAC. But if you don't have an 802.1x based network, do not want to upgrade or put in-line devices all over, or heaven forbid use ARP twiddling. DHCP was the best of the worst. Now if you are lucky enough to use Extreme switches, you can upgrade to the latest version of XOS, their network OS and you have a much tighter DHCP NAC solution. It eliminates from what I am told the spoofed or static IP problem from the equation at the port level.
I had heard about this capability before, but today was the first time I saw it in writing on Computer.co.uk. This is a real big thing for those people who want and need NAC now, but don't want to forklift or make major network changes. Extreme is known for great technology and this feature could be a killer. There are also some improvements to how they work with 802.1x, which make that better as well.
I should point out that StillSecure is a partner of Extreme on NAC technology, so this is especially heartening to us as well. I am going to ask some of my friends at Extreme to come on the podcast and explain further how this works.
Comments