
Top 10 List of Things NAC Can't Do

What is Network Admission Control (NAC)? Basically, it controls admission of endpoints onto the network by verifying
the presence of specific vendors/versions of antivirus, anti-spyware, OS patches and major application patches. NAC
alone is not a complete solution for LAN security. NAC alone leaves your LAN vulnerable to threats from a wide range
of sources. Specifically,

1. NAC can't check for threats (bots, rootkits, backdoors, etc.) that are already resident on endpoints. This means
those threats can easily gain entrance and release their malicious cargo onto the network, exposing many users;

2. NAC can't quarantine individual users: users not meeting corporate desktop software policies are placed into a
common VLAN. With the exponential numbers of unique threats, chances are that users risk cross-pollinating
different security risks and infecting each other;

3. NAC can't discriminate in its actions among various types of users, as it is machine-oriented rather than user-oriented;

4. NAC can't apply role-based policies; access control is relegated to static ACLs from VLAN to VLAN, which is
ineffective and cumbersome to manage;

5. NAC can't detect and stop malicious user activity;

6. NAC can't stop network-borne threats such as worms from propagating, since they do so after the network connection
is established;

7. NAC can't provide visibility into each user's network activities, leaving an administrator without insight into what
happened while the user was on the network;

8. NAC can't be centrally managed: your network is dependent on hundreds or thousands of desktop software instances
to identify and stop new threats;

9. NAC can't defend itself and could be the source of inevitable vulnerabilities associated with client-based software
solutions; and

10. NAC alone can't secure your LAN! NAC does not protect the endpoint, user, applications, data or the network after
admitting the endpoint access to the network. NAC only checks that specific software is present.

NAC is an integral requirement for LAN security, but you need more. Checking for endpoint security policy compliance
only provides protection BEFORE the user is on the network. Networks need security protection DURING the
connection and visibility into security events provided AFTER the session is over. By limiting your LAN security
deployments to only NAC, you are inviting the most serious security threats onto your network. Even with the bevy of
desktop security software installed, running, and up-to-date, NAC leaves your network vulnerable.

Nevis Networks LANenforcer provides a comprehensive security solution for your LAN without compromising
performance. Whether you are upgrading your network, adding new switch ports to accommodate growth, or looking to
increase security while driving down complexity and costs, LANenforcer is the first access switch to embed security at the
edge of your network where it is needed most. To learn more about LANenforcer, visit our website at
www.nevisnetworks.com or call us at (650) 254-2500.

© 2006 Nevis Networks. All rights reserved. Nevis Networks and LANenforcer are trademarks of Nevis Networks.

Nevis Networks | 500 N. Bernardo Avenue, Mountain View, CA 94043 | Main 650.254.2500 | Fax 650.254.2555 | www.nevisnetworks.com
