NAC

Thomas Dagonnier dago158 at bluewin.ch
Fri Jul 13 09:40:37 CEST 2007


On 11/07/07, Alan DeKok <aland at deployingradius.com> wrote:
>
> > It's another topic that I'm overall sceptical of NAC, IMO a network should
> > only reactively shut a client down *after* it did something wrong, not
> > proactively sniff around the local environment and lock it away at once. But
> > NAC is here to stay I guess. :-(
>
>   I understand it's useful to set requirements for network access.  "You
> need a username, password, and a system that isn't susceptible to
> viruses".  The pro-active scanning is nearly impossible to implement
> correctly.  NEA largely seems like a group of people who want to
> standardize a pre-existing solution, and are surprised that there are
> people with different points of view.

Regarding some comments made earlier on the NEA list, wouldn't
an approach similar to Microsoft's ("statements of health" or SoH)
be a better solution?

In this case, the client would just send its status (SoH) and get an
answer from the server (+ network access granted/isolated/denied).

Granted, it is really a "Microsoft-standard" (no implementation, but
there are already backward compatibility requirements with the previous
version) - but the idea in general?

dago



More information about the Freeradius-Users mailing list