Phil Mayers wrote:
I haven't been following the NEA so their work might be rubbish,
<cough> Absolutely NOT. *Never*. It will solve _all_ the problems of NAC.
but the untrusted client-side nature of the software does not make it intrinsically worthless - the reason being that for someone to trick out the software, they have to EXPLICITLY install and configure some other software, which is a clear AUP violation and when detected (a system asserts it is patched gets hacked) can be dealt with at the appropriate level of severity with the organisations administrative (not technical) group.
NAC is largely trying to solve a problem that is 3-4 steps away from the current administrator's work. 1) What's on my network -> many people don't know 2) What OS's are on my network 3) are they up to date 4) if so, virus, etc. matters rather a lot less. Alan DeKok.