EAP-TNC support or any other method to enforce some security policies on client?

Alan DeKok aland at deployingradius.com
Mon Mar 19 15:20:59 CET 2018


On Mar 19, 2018, at 2:12 PM, Brian Julin <BJulin at clarku.edu> wrote:
> 
> There are scores of commercial offerings.  All have their plusses and minuses.
> There are no clear dominant winners in this market.  I'm hopeful Aruba
> ClearPass

  ... re-branded FreeRADIUS.  From ~15 years ago.

> I've actually been researching this market for work and I have not seen a single
> compelling case by any of these vendors that their NAC product won't be
> a giant time vampire.  Currently we are subsisting on the Enterasys/Extreme
> product

  another rebranded FreeRADIUS.  But up to date. :)

> Many in the industry have thrown up their hands at this situation and now walk
> around spouting nonsense about NAC being old fashioned and the new
> fancy is doing dynamic policy enforcement based on network scans and reactive
> firewall events... which of course you should do, but it is no substitute for NAC,
> and doesn't help you with the onboarding part either.

  NAC is largely dead.  If the end system is up to date, then it's as secure as we can make it.  If the system isn't up to date, then it should be brought up to date.

  Anything more is just too hard.  Especially once you start adding iPhones, etc.

  Alan DeKok.




More information about the Freeradius-Users mailing list