Today’s panel on NAC was a blast! Mike Fratto mainly took questions from the audience. When there were slow spots, he asked some tough questions of his own. I prefer this approach to panels. Customers have the most interesting, real-world questions!

I was surprised how many of today’s questions focused on standards. The attendees were impatient with the delays in getting NAC standards implemented. I share their impatience. The TNC standards have been around for more than four years. They’ve been implemented by Juniper, Microsoft, and dozens of other vendors. Why don’t other vendors just implement them?

Steve Karkula of Nokia was a welcome addition to the usual cast of characters on a NAC panel: Cisco, Microsoft, and TCG. Steve is involved with Nokia’s SourceFire product. He pointed out the value of including behavior monitoring in a NAC system. I couldn’t agree more! These days, NAC is much more than checking the health of devices when they connect to your network. State-of-the-art NAC systems customize access for each user or role and monitor behavior so they can block misbehaving endpoints. Really cool systems link identity and behavior monitoring so that they know what behavior’s appropriate for each user!

An interesting followup question was how to monitor behavior when more network traffic is encrypted. The panelists had a variety of answers: doing monitoring on the servers, on the endpoints (only if you trust them!), or at the edge of the data center (if you terminate the encryption there, as is often done with load balancers, SSL offload devices, and such).

All in all, it was an interesting panel. I’m sorry if you couldn’t be there. I hope to see you at one of my upcoming talks!

I’m in NYC for Interop NY today. I’ll be speaking on a panel about NAC at 10:15 AM with Microsoft, Cisco, and Nokia reps and Mike Fratto as moderator. It should be entertaining and enlightening. At least, I hope it will be! I’ll blog about it this afternoon. If you’re at the show, please come by and say “Hi” or ask a question.

I wanted to point out Mike Fratto’s blog posting about the NAC Day panel. It sounds like a great discussion with customers pushing hard for vendors to support NAC standards. The TNC standards have been out for more than three years now and free for anyone to implement. Most vendors have done so or at least announced plans to do so. Cisco is the only holdout. I’m glad to see customers pushing hard for them to support these standards. I hope these words translate into actions. As they say, “money talks”! The only way to get some vendors’ attention is to put a requirement in your NAC RFP saying “must support the TNC standards”.

2008

October 7: ISSE 2008 at 3:15 PM on Tuesday, October 7 in Madrid.
The topic is “NAC 2.0 - Unifying Network Security”. For info on the conference, see http://www.isse.eu.com

October 27: Speaking at RSA Europe  as part of Trusted Computing seminar

October 29: At RSA Europe, I will be speaking twice: once in the TCG Seminar on Monday and once in an individual talk on Wednesday, October 29 at 10:30 AM. The topic for the second talk is “NAC 2.0 - Unifying Network Security”. Also, the URL for the TCG seminar has change to http://www.rsaconference.com/2008/Europe/Agenda/Trusted_Computing_Group_Seminar.aspx

November 18: keynote speaker at CSI 2008. I’ll be speaking at 8:30 AM on Tuesday, November 18. You can link to this URL for the conference: http://www.csiannual.com

Past Appearances:

April 28: Panel from 1315 to 1415 at NAC Day at Interop Las Vegas

May 20: Plenary speech on “Network Access Control and Beyond” from 0900 to 1030 at Terena Networking Conference in Bruges, Belgium

June 12: Speak on “Open Standards for Network Access Control” from 1615 to 1700 at Interop Tokyo

June 18: Present on “Open Standards for Network Access Control” at Network World IT Roadmap in Boston