It's been a while since I blogged (sorry!) as we are all heads down getting RC1 out the door, but today I came across an article I thought I would share with you. It's called "Beyond NAC: The Internal Controls" on Enterprise Security Today.
The article talks about a product from a new company called Applied Identity. They describe their product as the intersection between ID management and network security; it acts like a firewall and performs identity-based access control when users try to access a resource, based on Active Directory groups.
This is essentially a Layer 2 approach to what we do with our own Server and Domain Isolation solutions based on IPSEC; using this approach you get to take advantage of the rich policy and identity information you have available higher in the stack to accomplish granular network segmentation based on rights and identities.
Network Access Protection builds on the Domain Isolation and Server Isolation concepts by adding health as a concept you can create your access policies on.
I have read a bit about the Applied Identity product, and I think they have it right that identity-based conditional access inside the perimeter is important. This is why we have provided support for both perimeter-based approaches (VPN and RAS) as well as L3 approaches like IPsec, allowing us to enable the same scenarios.
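The Server and Domain Isolation approach described above, expressed as Windows Firewall with Advanced Security policy, as an added example (this is not code from the post; it uses the later NetSecurity PowerShell cmdlets, and the group SID is a placeholder to be replaced with a real AD group SID):

```powershell
# Added example: Server Isolation for a file server using IPsec, so that access
# depends on the caller's Active Directory identity rather than on network location.
# The SID below is a placeholder; substitute the SID of the real "FileServer-Users" group.
$FileServerUsersSid = 'S-1-5-21-PLACEHOLDER-1234'

# Phase 1: authenticate the computer with Kerberos (domain-joined machines only).
$machineAuth = New-NetIPsecAuthProposal -Machine -Kerberos
$phase1 = New-NetIPsecPhase1AuthSet -DisplayName 'Domain Isolation - Computer Kerberos' `
    -Proposal $machineAuth

# Phase 2: also authenticate the user with Kerberos, so the user's group
# membership is available to the firewall rule further down.
$userAuth = New-NetIPsecAuthProposal -User -Kerberos
$phase2 = New-NetIPsecPhase2AuthSet -DisplayName 'Domain Isolation - User Kerberos' `
    -Proposal $userAuth

# Connection security rule: require IPsec for inbound traffic, request it outbound
# (request rather than require outbound, so the server can still reach
# non-domain infrastructure such as DNS or DHCP during bootstrap).
New-NetIPsecRule -DisplayName 'Domain Isolation' `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $phase1.Name -Phase2AuthSet $phase2.Name

# Firewall rule: allow SMB (TCP 445) only over an authenticated IPsec connection,
# and only when the authenticated remote user is a member of the placeholder group.
New-NetFirewallRule -DisplayName 'SMB - FileServer-Users only' `
    -Direction Inbound -Protocol TCP -LocalPort 445 -Action Allow `
    -Authentication Required `
    -RemoteUser "O:LSD:(A;;CC;;;$FileServerUsersSid)"

# Verify the resulting policy.
Get-NetIPsecRule -DisplayName 'Domain Isolation' |
    Format-List DisplayName, InboundSecurity, OutboundSecurity
Get-NetFirewallRule -DisplayName 'SMB - FileServer-Users only' |
    Get-NetFirewallSecurityFilter
```

A machine that is not domain-joined cannot complete Phase 1 and is dropped before any application traffic reaches the file server, which is the network-layer isolation the post contrasts with a Layer 2 appliance.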
My favorite quote was "type of control will be the logical next step for the vendors pursuing NAC technologies"; I guess that means NAP is already a generation ahead of other NAC solutions.
Ryan M. Hurst
Lead Program Manager
Layer 2 Authentication and Authorization
Windows Enterprise Networking