With LAN-based NAC/NAP solutions, the assessment of devices occurs as they attempt to gain access to the LAN, and sometimes at intervals after that. When machines come onto the LAN, they do so by physically coming back to the office or by using a VPN to connect. Many VPN appliances have the capability to check the security posture of devices as they VPN back into the corporate network. If the security posture is deficient, access can be prohibited or limited. Clearly, this performs a component of NAC/NAP functionality.
This type of functionality exists in the two primary types of VPN appliances:
For some companies, implementing a full-blown NAC/NAP solution isn't in their immediate future. At the same time, they may recognize that mobile systems pose a serious threat to their LAN and would like to take advantage of a technology to assist with this problem. This is a perfect example of where existing technologies such as VPN devices can help add NAC-like functionality.
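The posture decision described above (assess at connect, re-assess at intervals, then prohibit or limit access) can be sketched as follows. This is an added example, not code from any VPN product; the posture fields, thresholds, the `assess` and `Session.recheck` names, and the fail-closed handling of a missing report are all assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from enum import Enum

class Access(Enum):
    FULL = "full"        # normal tunnel access to the LAN
    LIMITED = "limited"  # restricted access, e.g. remediation resources only
    DENIED = "denied"    # tunnel refused or torn down

@dataclass(frozen=True)
class Posture:
    """Endpoint facts reported at connect time (constructed field set)."""
    av_running: bool
    av_signature_age_days: int
    firewall_enabled: bool
    missing_critical_patches: int

# Hypothetical policy values; a real appliance defines its own rules.
MAX_SIGNATURE_AGE_DAYS = 7
REASSESS_INTERVAL_SECONDS = 300

def assess(p: Posture) -> tuple[Access, list[str]]:
    """Map a posture report to an access decision and the reasons for it."""
    blocking, degrading = [], []
    if not p.av_running:
        blocking.append("antivirus not running")
    if not p.firewall_enabled:
        blocking.append("host firewall disabled")
    if p.av_signature_age_days > MAX_SIGNATURE_AGE_DAYS:
        degrading.append(f"AV signatures {p.av_signature_age_days} days old")
    if p.missing_critical_patches > 0:
        degrading.append(f"{p.missing_critical_patches} critical patches missing")
    if blocking:
        return Access.DENIED, blocking + degrading
    return (Access.LIMITED, degrading) if degrading else (Access.FULL, [])

@dataclass
class Session:
    access: Access
    last_checked: float

    def recheck(self, now: float, report: Posture | None) -> Access:
        """Re-assess once the interval has elapsed; no report fails closed."""
        if now - self.last_checked < REASSESS_INTERVAL_SECONDS:
            return self.access
        self.access = Access.DENIED if report is None else assess(report)[0]
        self.last_checked = now
        return self.access

if __name__ == "__main__":
    stale = Posture(True, 30, True, 2)  # constructed sample report
    print(assess(stale))
```

Returning the reasons alongside the decision gives the help desk and the remediation workflow something concrete to act on when a remote user lands in the limited state.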
When mobile systems attempt to create a VPN back to the corporate network with their IPSec VPN clients, there are security advantages to assessing those clients before full access is allowed. While many IPSec VPN devices can perform this functionality, let's focus on Nortel's VPN solution.
A while back, Nortel introduced its Tunnel Guard functionality to its VPN devices. Tunnel Guard is an application ...