Tuesday, October 30, 2007

NAC is on Storm's path

Network World's Security: Network Access Control Newsletter, 10/30/07


By Tim Greene

The Storm worm could cause trouble for NAC.

A newly discovered feature of the versatile malware lets it interrupt applications as they boot up and either shut them down or allow them to appear to boot while actually disabling them.

The implication is that if used against antivirus software, the software would appear to be running and scanning for viruses when really it is doing nothing. NAC scanning agents would think the software is running and report that back to the NAC server. The infected machine would pass that part of the health check.
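The gap described above, shown as an added example that is not part of the original newsletter: a presence-only health check beside one that asks for evidence the antivirus is doing work. The report fields, thresholds and sample reports are hypothetical and constructed for illustration; no NAC product's real schema is implied.

```python
from datetime import datetime, timedelta

# Hypothetical thresholds and posture-report fields (assumptions, not a vendor schema).
MAX_SCAN_AGE = timedelta(hours=24)
MAX_SIGNATURE_AGE = timedelta(days=3)


def presence_only_check(report):
    """Weak policy: pass whenever the antivirus process is listed as running."""
    return report["av_process_running"]


def liveness_check(report, now):
    """Stricter policy: require evidence that the antivirus is actually working.

    Returns (admit, reasons), where reasons lists every failed test.
    """
    reasons = []
    if not report["av_process_running"]:
        reasons.append("antivirus process not running")
    if now - report["last_scan_completed"] > MAX_SCAN_AGE:
        reasons.append("no completed scan within 24 hours")
    if now - report["signatures_updated"] > MAX_SIGNATURE_AGE:
        reasons.append("signatures older than 3 days")
    if not report["test_file_detected"]:
        reasons.append("harmless test file was not flagged")
    return (not reasons, reasons)


# Constructed sample reports (not captured from any real agent).
NOW = datetime(2007, 10, 30, 9, 0)
HEALTHY = {
    "av_process_running": True,
    "last_scan_completed": NOW - timedelta(hours=5),
    "signatures_updated": NOW - timedelta(days=1),
    "test_file_detected": True,
}
NUMBED = {
    "av_process_running": True,  # appears to have booted, but does nothing
    "last_scan_completed": NOW - timedelta(days=6),
    "signatures_updated": NOW - timedelta(days=6),
    "test_file_detected": False,
}

if __name__ == "__main__":
    for name, rep in (("healthy", HEALTHY), ("numbed", NUMBED)):
        print(name, presence_only_check(rep), liveness_check(rep, NOW))
```

Every field here is still reported by the endpoint itself, so the stricter check narrows the gap without closing it, which is why the vendors' suggestions that follow look beyond the agent's report.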


Several NAC vendors acknowledged that this could render the NAC health report inaccurate, and had several suggestions about what to do.

First, get a NAC product that includes post-admission NAC. Even if a machine is infected, this phase of NAC could track its behavior on the network and quarantine it or disconnect it altogether if it engages in anomalous behavior.

Second, supplement NAC with other security products such as anti-rootkit software.

And third, when they become available, use preadmission NAC products that tap into security chips placed in the computers, which would detect that something is amiss.

As a matter of course, businesses should design the admission policies to constrain users as much as possible while letting them do their jobs. That way whatever damage an infected machine might do is limited.

A security expert who talked about this application-numbing feature of the Storm worm at Interop last week says the worm seems to keep adapting and developing new characteristics. Stay tuned.

Editor's note: Starting Tuesday, Nov. 13, this newsletter will be renamed "Security: Network Access Control Alert." Subscribers to the HTML version of this newsletter will notice some enhancements that will provide you with access to more resources relevant to IT security. You will still receive Tim Greene's analysis of this market, which you will be able to read in its entirety online at NetworkWorld.com, along with links to relevant news headlines of the day. We hope you enjoy the enhancements and we thank you for reading Network World newsletters.



Contact the author:

Tim Greene is a senior editor at Network World, covering network access control, virtual private networking gear, remote access, WAN acceleration and aspects of VoIP technology. You can reach him at tgreene@nww.com.




Copyright Network World, Inc., 2007

1 comment:

Justin Lofton said...

In my experience, Riverbed Steelhead appliance has the best of breed solution for network acceleration. I work as an engineer for a Cisco partner, and we are also partnered with Riverbed because they have the best network optimization technology out there at this point. I have a lot of comparison data on all the competitors if anyone is interested. Forrester, Gartner, etc. Just shoot me an email.

Justin Lofton
Systems Engineer
justinl@tredent.com
Tredent Data Systems, Inc.
Steelhead Mobile Information