« More on the WonderNAC | Main | A visit to the Pentagon »

August 06, 2007

Go Greased Lightening

Dominic I promise this is my last post on this one as you have ridden my coat tails long enough.  My wild assertions on your use of Snort and IP Tables are based upon what I have been told by others who have looked at your product.  If you really don't use Snort, how about some specifics on the rule set you use?  How many rules?  What can you really catch?  Has it ever been in an independent bake off or test? 

I see you are quite the book worm in reading up on the recent Network World review of most of the NAC products out there.  Funny I didn't see your product listed in that bake off.  Are you afraid to show your stuff?  Or maybe it is because the last time Network World reviewed your product they had this to say:

Being deep in the network presents challenges for both authentication and enforcement, and Nevis has made some design choices that may not be acceptable to enterprise users or network managers. Authentication is done through a captive web portal. This facilitates endpoint-security posture assessment with Nevis' own ActiveX client, but may be too intrusive for many environments. Network managers may also find that the LANsight Security Manager, Nevis' GUI-based management system, is clumsy when it comes to defining complex security policies.

Our greatest concern with LANenforcer is the large number of bugs we found in almost every component, including endpoint security, malware detection, management and in the hardware itself. As with any new product, Nevis may need more time to shake out some of the problems with this release.

Dominic, to answer your questions: our inline mode is more for remote access, not for inline the way your talk about it.  We don't claim to be a switch and we don't want to put a box in front of every switch out there. Your right, authorization on user roles is something we have not put in yet, but it will be there.  On advanced endpoint checks, nothing could be easier, I bet even a marketing guy could figure them out.  It is point and click baby.  You can write your own rules in Python, for the record.  Checking for a few token things like Blaster?  Dominic, I am not you.  Ask me what we can check for, I would be happy to show you.  It is more like over a 150 checks out of the box. And yes you can use our IPS, even our free version of it if you like.

Greased_lighteningDominic, I am the sheriff in this town, my name is Alan Shimel and this is my blog.  I will finish with this.  Very impressive description of your big, bad ASIC at the bottom of your blog.  Reading it I had visions of you and the Nevis bunch dancing around a Nevis box singing Go Greased Lightening, like in the movie Grease.  So were you John Travolta?  Who plays Olivia Newton-John?

Posted at 10:50 PM in NAC |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451e4d369e200e39823b5628833

Listed below are links to weblogs that reference Go Greased Lightening:

» NAC Fight - Five Rounds and Counting from En Garde!
A blog fight! A blog fight! No surprise Alan Shimel’s involved, and this time he’s taken on Dominic Wilde at Nevis. It started with Dominic’s post responding to Mike Fratto’s blog on the limits of NAC. I took issue with [Read More]

Tracked on Aug 7, 2007 12:18:50 AM

Comments

Search

Lijit Search

disclaimer

  • The views and opinions expresed here are those of myself only and in no way represent the views or positions or opinions of my employer, Latis Networks, Inc. d/b/a StillSecure or anyone else.

Blog Networks

  • Find the best blogs at Blogs.com.

StillSecure, After all these years, the podcast

Categories

Track my blog stats

Blog powered by TypePad
Member since 10/2005

About