NAC and VOIP
Tim Greene's NAC column makes I think a lame point about how "NAC protection extends to VoIP". The gist of Tim's article is that by stopping devices which could launch bot driven DOS attacks against VOIP equipment, NAC is helping to protect VoIP. Tim also mentions that by scanning (Tim scanning is something vulnerability management products do, NAC tests devices) servers necessary for VoIP, they again help provide protection for VoIP.
Until NAC products can actually recognize and test VOIP gear, the protection they provide for VoIP is ancillary at best. To say anything more than that is to just rev up the hype around NAC and give people the false impression that NAC is a magic bullet, which in turn only leads to frustration and disappointment.
Now that is not to say that NAC will not test VoIP equipment. In fact our own Safe Access NAC product has had tests for Avaya soft phones for some time. We are also working on tests for several other VoIP phone brands. I think in 2008 we will see other NAC vendors follow our lead, jump on the bandwagon and offer testing and perhaps even remediation for VoIP gear. BTW, I am not talking about Nessus type scans for VoIP gear which anyone can do today without the need for NAC.
Comments