I think I'd rather go 100% wireless. :)
Lee

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Philippe Hanset
Sent: Friday, March 06, 2009 1:55 PM
To: [email protected]
Subject: Re: [WIRELESS-LAN] NAC polling: Wired AND Wireless

Technically you could trunk each port (802.1q), have all ethernet adapters with 802.1q support and push the VLAN on the driver via AD ...there is your NAC in AD...
A bit of a spanning tree nightmare, but what a heck! ;-)

On Mar 6, 2009, at 1:35 PM, Peter P Morrissey wrote:

> OK, got yah. You're talking about securing a wired port and you're right. NAC would do that and AD would not.
>
> Pete Morrissey
>
> -----Original Message-----
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Scholz, Greg
> Sent: Friday, March 06, 2009 12:30 PM
> To: [email protected]
> Subject: Re: [WIRELESS-LAN] NAC polling: Wired AND Wireless
>
> I agree with all your purposes of NAC.
> But no I don't agree that the AD controls are the same or more than NAC because all you need to do to get on the "network" is unplug the AD machine and plug in whatever you want.
>
> Greg
>
> -----Original Message-----
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Peter P Morrissey
> Sent: Friday, March 06, 2009 12:09 PM
> To: [email protected]
> Subject: Re: [WIRELESS-LAN] NAC polling: Wired AND Wireless
>
> I would challenge the "AD is NAC in and of itself" statement also :-)
> AD is system access control, not network. "
>
> [PM] Technically you are correct, but I think you have to step back to the purpose of NAC, then look at how AD can serve the purpose.
>
> This of course makes the assumption that the AD machines are locked down, and in that case I think it is better than NAC.
>
> In my mind NAC is used for:
> 1) Network Access Control
> 2) IP to user tracking
> 3) Posture checking of the endpoint to either insure that it is secure.
>
> While AD isn't technically network access control, you still can't get on the network until you log into AD, and is there anyone that you would want on AD that you wouldn't want to also provide access to your network?
>
> If you can lock down an AD machine with the correct security posture, and prevent people from installing potentially harmful apps, aren't you doing pretty much everything most NAC systems can do and in some cases more?
>
> Pete Morrissey
>
> **********
> Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
