Is there an 802.1x in your future?
Tim Greene's NAC column today goes back to the recent Gartner IT Security Conference. At Lawrence Oran's session on NAC, using the handheld voting machines he asked the audience if and when they planned on deploying an 892.1x capable network. Of course answers are always dependant on how the question is framed. But in this session about 50% of respondents said they were going to go .1x by 2011. You know what they say, once you go .1x you don't go back. That bodes well for NAC deployments. 802.1x remains the most secure and powerful way of implementing NAC. However, .1x is also useful for other security and network functionality. If you want to read more about .1x my friend JJ has a ton of good .1x stuff up on her blog.
A couple of interesting points though. Gartner themselves as Tim points out estimates that .1x adoption will be closer to 70% by 2011. The difference between the 50% in the survey and Gartner's estimates will be realized due to increasing ease of implementation of .1x networks. Perhaps, I know at StillSecure we are always looking for ways to make it easier to implement .1x and NAC. However, lets be clear. Installing new supplicants because Cisco and Juniper say the Microsoft supplicant is not good enough is a red herring. Yes the Odyssey client is cool, but it is a nice to have in the .1x equation, not a must have. The same goes for the Cisco/Meetinghouse supplicant. Also, not all .1x is created equal. There are still enough differences between switch vendors in how and what they support in .1x to make it maddening.
Finally, like I have said before if you are going to do 802.1x just for NAC, don't bother. But if you are going to go to 802.1x you should give NAC a good look.