Friday, 4 August 2006

Flaws in NAC Security

Network access control (NAC) is considered as one of the ultimate protections against security threats, but security expert Ofir Arkin of Insightix said there is a lot of room for improvement in the technology.

At the Black Hat Briefings conference in Las Vegas, Arkin brought out the vulnerabilities aspects of NAC technologies from vendors such as Cisco, Microsoft, and Symantec. He said the current generation NAC solutions is full of holes that makes it easier for hackers to easily break the security of organizations.

"It's a valid technology and something you need to consider as part of your network security," said Ofir Arkin, chief technology officer and co-founder of Insightix Ltd., a maker of NAC software used to monitor network traffic and probe devices as they attempt to connect.

He pointed out that Cisco System’s Network Admission Control, that enforce access through network switches, also have weaknesses. Cisco's NAC technology is specific to their switches and routers, but enterprises often use a mixture of switching and routing gear. Hackers can find their way into an enterprise network simply by finding and connecting through an unmanaged switch, he said.

Cisco CSO John Stewart acknowledged that the technology has a way to go before it provides comprehensive protection.

"It's inherently going to be found that there are weaknesses. But I think that's the wrong thing to focus on. We want to address the weaknesses but focus on the benefits," Stewart said.