SSL VPNs Play Central Enforcement Role in Network Access Control (NAC), Says Leading Analyst

By | March 31, 2006

Secure Sockets Layer Virtual Private Networks (SSL VPNs) have a central enforcement role to play in Network Access Control (NAC) architectures, according to leading analyst Jeff Wilson, Infonetics Research. As the NAC architecture is envisioned by Infonetics Research, an SSL VPN device can serve as the secure gateway and the policy enforcement point, controlling access to network resources by both internal and remote users.

“Early visions of NAC involved building up or retrofitting network infrastructure, adding security control into every switch and router, so they could play traffic cop for the network,” said Jeff Wilson, principal analyst, Infonetics, who outlined NAC in a Webinar broadcast this week. “However, you can deploy NAC without having to upgrade or disturb your existing network infrastructure by using standalone NAC appliances and an SSL VPN gateway.”

The Webinar on “Controlling Network Access Using SSL VPNs” featuring Jeff Wilson is available on-demand at:

Network Access Control (NAC), as defined by Infonetics, is a framework that allows companies to secure access to network resources for all users by enforcing policies on the health of the user’s computer, the user’s identity, and the information the user wishes to access. According to Wilson, this enforcement is managed with the following steps: Authentication of the user (regardless of location), Device integrity checking on user’s end point, Comparison analysis of authentication and device integrity to centralized policy, Controlled access granted, access denied, or device quarantined for remediation.

SSL VPNs are ideal for NAC enforcement, because most solutions handle all of these required steps, Wilson indicated in the Webinar. For example, SSL VPNs have a strong client integrity checking functionality built in, they provide granular access controls at the application layer, which is more secure, and they are tested, trusted, and deployed by thousands of organizations around the globe for remote access. Enterprises can easily extend utilization of an SSL VPN for NAC enforcement, stated Wilson.

While remote access will remain the primary driver for SSL VPNs overall, companies who buy SSL VPNs initially for remote access will quickly turn them inward and use them for NAC-like solutions, stated Wilson in a recent report, entitled, “Enforcing Network Access Control: Market Outlook and Worldwide Forecast.”`1 In that report, Infonetics’ forecast showed that more than two-thirds of SSL VPN gateways will be used in NAC deployments by 2008.

“In the future, all users will be treated as if they are remote and all end points treated as un-trusted, and our SSL VPN will be the secure gateway between all users and applications,” said Chris Witeck, director of product management, Aventail. “We have many customers starting down this path by using our SSL VPN to secure access via their internal wireless networks, and the next step will be using it for all LAN-based application access.”

Leave a Reply