Monday, September 05, 2005

"Lockdown Enforcer" appliance to challenge Cisco NAC

The appliance is connected to switches and does not let any client access the network unless the client is compliant with the patch-level policy or the anti-virus policy. Non-compliant clients are moved into a quarantine VLAN.

Alternative approaches are "inline solutions" (Vernier Networks, InfoExpress, and Sygate, which is currently being swallowed by Symantec) and homogeneous switch-based solutions like Cisco NAC.

Cisco NAC eventually requires switch upgrades and the Cisco Trust Agent on each client. Lockdown's solution, however, works agent-less as long as the client is a member of the administrative domain (whatever that exactly means); guest systems are supported by an applet agent (whatever that exactly means ...).

Interesting stuff, especially now that DELL switches are so dirt cheap.