Today's NAC Remains Vulnerable to Attack

By Matt Hines  |  Posted 10-18-2006
According to the latest figures from Forrester Research, some 40 percent of all enterprises in North America will have some form of Network Admission Control in place by the end of 2006, as businesses seek more effective ways to identify devices connecting to their networks and to enforce IT security policies.

The systems are available today from a wide range of technology vendors including Cisco Systems, Insightix, Nortel Networks and StillSecure, with Microsoft planning to launch its NAP (Network Access Protection) products in 2007.

For more on security, read September 2006 Security Survey: It Can't Happen Here—But It Does

Despite the benefits offered by the systems, however, industry experts say that the tools are far from complete and, by themselves, do not yet provide an adequate level of security for companies to depend on.

The most outspoken critic of NAC security has been Ofir Arkin, chief technology officer of Insightix, based in Ra'anana, Israel. Arkin presented his methods for bypassing the technologies in early August at the annual Black Hat hacker convention in Las Vegas.

Arkin maintains that, despite his public warnings and other software vendors' concessions that NAC is not yet foolproof, many companies are adopting the technologies without understanding the risks involved.

Read the full story on eWEEK.com: Today's NAC Remains Vulnerable to Attack