Just click on the webcast of your choice to register: Explore Business Intelligence Open Source Offerings October 26, 2006--1:00pm EDT, 10:00am PDT Join us and learn how the Business Objects XI platform embraces open source software (OSS) through its broad business intelligence (BI) offerings. Built on an open platform that can match disparate technologies environments deployed by application providers, Business Objects leads the BI industry by supporting OSS from Red Hat Linux and SuSE Linux operating systems, MySQL database and Eclipse IDE. Register Now > Transformation as an Enterprise Service October 24, 2006--11:30am ET, 8:30am PT Learn how to achieve interoperability between otherwise incompatible enterprise content management systems and transform legacy business functions to agile, SOA-enabled solutions. Register for this October 24th webcast, sponsored by Xenos. Register Now > Storage Strategies for Small Businesses November 7, 2006--2 p.m. EST, 11 a.m. PST When it comes to storage, small and medium businesses have a lot in common with large enterprises. Just like the Fortune 400, they need to ensure that data is backed up, retrievable and secure, and that data access complies with governmental regulations. Unfortunately, if you are a small business owner you also cope with some challenges the big guys don't have, budgets are small and your IT staff, if you even have one, may not have storage-specific expertise. Attend this webcast and learn storage strategies to meet your growing business demands. Register Now >

Related Articles •Dodging NAC's Silver Bullet •Network Access Heats Up With 802.1x Funk •Juniper's Infranet Gains Control

Networking & Communications Glossary directory service honeynet intranet intrusion detection system network appliance NFS port scanning protocol security VPN Search for more networking terms ...

FREE Tech Newsletters Instant Messaging Planet HTML CIO Update CodeGuru Update Enterprise Networking Planet Practically Networked HTML Enterprise Storage Forum Text Enterprise Storage Forum HTML Optically Networked HTML Intranet Journal Update Datamation IT Management Careers Datamation IT Management Update Developer.com Update Gamelan Java Update Goodies to Go Javascript Weekly Text Javascript Weekly HTML JARS Java Update OpenSource Update SysOpt Tech Notes Grid Computing Planet Text Grid Computing Planet HTML E-Security Planet Text E-Security Planet HTML Virtual Dr. Text

Juniper Gets Ready to Roll UAC 2.0
September 15, 2006
By Sean Michael Kerner

Network Access Control (NAC) is quickly becoming a generic term for a wide swatch of network access control technologies from various vendors.

It's important to note that NAC as a technology is a term used by Cisco for its product.

Rather than fall in line with the generic, Cisco's lead rival, Juniper Networks (Quote), is pushing its own term for access control, which it has dubbed Unified Access Control or UAC for short.

Juniper is planning on using next week's Interop trade show in New York as a showcase for its next-generation UAC 2.0 initiative.

Karthik Krishnan, Juniper Networks' UAC product manager, explained to internetnews.com that Juniper originally announced UAC late last year.

Currently UAC is in version 1.2, which is what Juniper will be showing in its booth while the next generation 2.0 will be showcased at the InteropLabs demo, which itself is a showcase of networking technologies.

The existing UAC 1.2 solution is comprised of Juniper Infranet controllers, which were released last October.

The UAC 2.0 solution will bolt on the new 802.1x technologies that Juniper gained with its acquisition of Funk Software. The 802.1x IEEE standard provides for port-based security.

"What this really provides us with is the ability to provide access control across the entire duration of a user's access to the network," Krishnan explained.

"Prior to them even getting an IP address it provides the ability to validate the end point and the ability to validate the user identity and allow them onto the network."

Once users are on a network, they can take advantage of the existing functionality in Juniper's infrastructure products to provide controlled access to resources and applications in a very granular format.

Juniper's UAC is also supporting at least two of the Trusted Network Connect (TNC) standards. TNC is an effort to provide open standards for access control. Krishnan noted that there are two TNC specifications that are relevant to UAC, which Juniper supports.

"The first thing is just using RADIUS (define) assignments for VLAN (define) attributes across heterogeneous networks," Krishnan explained.

"So by supporting the TNC specification, we are able to use the Infranet controller to set standard allow/deny decisions on any vendors' 802.1x switch or access point."

The ability to allow customers to leverage their existing infrastructures is a critical element of UAC, according to Krishnan. In his view, customers don't want to necessarily change to a single vendor solution just to make network control happen.

The other key TNC specification is one for endpoint solutions to plug into an access control framework.

The net effect of the TNC endpoint spec is that any endpoint solutions, regardless if whether it's patch management or antivirus, will have the ability to write to a single set of APIs and be able to leverage that against all of the NAC solutions.

Network access control solutions recently came under fire at the Black Hat conference in Las Vegas, where Ofir Arkin, CTO of security research firm Insightix, explained how easy it was to bypass many non 802.1x NAC-type solutions.

"We've taken a lot of pains to make sure the solution is secure and that it can't be bypassed," Krishnan said.

One of those "pains" is to not use some manner of DHCP (define) method for authentication.

DHCP approaches to NAC were ridiculed by Arkin at Black Hat as being inherently insecure.

"One of the reasons we haven't done DHCP is that you can bypass it; it's just not very secure," Krishnan agreed. "It really provides you with a phantom illusion of access control when you're not really getting it in the network."

Krishnan also took aim at the notion that only Cisco will interoperate with Microsoft's version of access control called Network Address Protection (NAP).

"We don't have an announcement at this time but are having ongoing conversations with Microsoft," Krishnan said.

"And given that Longhorn Server isn't due till the second half of '07, I expect that when Microsoft actually ships NAP we will have all sorts of integration with the solution."

One of the biggest obstacles to access control adoption for Juniper isn't necessarily the technology; it's the crowded nature of the NAC marketplace itself.

"The critical thing is to rise above the noise," Krishnan said. "Every vendor is claiming to have a NAC solution."

Juniper is expected to release UAC 2 to the marketplace in the fourth quarter of this year.

Accelerate your applications 15x with Citrix NetScaler
The power to make just about any place a workplace. The new BlackBerry(R) 8073e with GPS. From Sprint.
Whitepaper: Learn Why Smart Money Trusts HP Integrity Servers w/ Itanium 2 Processors
Webcast: Achieve interoperability between incompatible enterprise content management systems.
Enterprise Networking Planet Webcast: Promoting an ID Management Strategy