Is quarantine black and white or is there access control in NAC?
Was reading this article in Silicon Republic today. In it, Kurt Roemer, chief security strategist at Citrix, spreads some of the usual FUD around NAC. I think we have all heard this before: what happens when you quarantine the CEO? In this case Roemer talks about the employee who has to submit his project to get his bonus today and is denied access. Heaven help us! First off, leaving aside that the employee may be denied some access because he, or more specifically his machine, represents a real threat to the network and others on it, what makes us always think of quarantine as on or off?
I think what Kurt Roemer is missing is that, depending on what was deficient with the user and his machine, he can be given some degraded or lesser level of access which may allow him to complete his given task without endangering the rest of the LAN. That is what the access control in network access control is all about. Kurt would have us believe that we slam the door in the guy's face and he is SOL. That is just not the case. In fact, the granularity of access control afforded by NAC, RADIUS servers, VLANs, etc. is every bit as good as the application-level control that Citrix and Mr Roemer would have us use.
How users get to their work through the network may be of little concern to most end users, but there are people who get paid and whose job it is to make sure that devices coming on the network have the level of access they need to perform their duties and that their machines do not present a hazard to everyone else on the network.
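To make the graded quarantine argued for above concrete, here is an added example (not from the original post or from any NAC product) of a policy decision that maps failed posture checks to an access tier and to the RADIUS VLAN-assignment attributes of RFC 3580. The check names, tier names and VLAN IDs are hypothetical.

```python
# Added illustration, not from the original post. Check names, tier names
# and VLAN IDs are hypothetical; the RADIUS attributes are those of RFC 3580.

# Tiers ordered from most access to least; a higher index is more restrictive.
TIERS = ["full", "limited", "remediation"]
VLAN_FOR_TIER = {"full": "10", "limited": "20", "remediation": "99"}

# The tier an endpoint drops to when a given posture check fails.
TIER_ON_FAILURE = {
    "av_signatures_current": "limited",
    "os_patches_current": "limited",
    "host_firewall_enabled": "limited",
    "no_active_malware": "remediation",
}


def decide_tier(posture):
    """Return (tier, failed_checks) for a posture report of check -> bool."""
    worst = 0
    failed = []
    for check, tier in TIER_ON_FAILURE.items():
        # A check missing from the report is treated as failed (fail closed).
        if posture.get(check) is not True:
            failed.append(check)
            worst = max(worst, TIERS.index(tier))
    return TIERS[worst], failed


def access_accept_attributes(posture):
    """VLAN-assignment attributes a RADIUS server would return for this endpoint."""
    tier, _ = decide_tier(posture)
    return {
        "Tunnel-Type": "VLAN",              # attribute value 13
        "Tunnel-Medium-Type": "IEEE-802",   # attribute value 6
        "Tunnel-Private-Group-ID": VLAN_FOR_TIER[tier],
    }


# Constructed sample reports.
CLEAN = dict.fromkeys(TIER_ON_FAILURE, True)
STALE_AV = {**CLEAN, "av_signatures_current": False}
INFECTED = {**CLEAN, "no_active_malware": False, "os_patches_current": False}

if __name__ == "__main__":
    for name, report in [("clean", CLEAN), ("stale_av", STALE_AV), ("infected", INFECTED)]:
        tier, failed = decide_tier(report)
        print(name, tier, failed, access_accept_attributes(report))
```

The employee with stale antivirus signatures lands on the limited VLAN and can still reach what that VLAN exposes, while only the machine with active malware is confined to remediation.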





