[AusNOG] Oh this is a good laugh.
Dobbins, Roland
rdobbins at arbor.net
Tue Jun 22 15:28:32 EST 2010
On Jun 22, 2010, at 12:07 PM, Mark Caetano wrote:
> I'm sure that after this, there will be a wave of 'spoofers' to fool these systems into thinking they're all locked down, either installed by the owner themself or by some haxor as part of a botnet script. - It just gets better and better :)
<http://www.cisco.com/en/US/products/products_security_response09186a00808110da.html>
<http://www.cisco.com/en/US/products/products_security_response09186a008071d609.html>
;>
When NAC was first proposed (long before it was announced and attempted to be productized), I was resolutely opposed to it because of its fundamental flaw - namely, that one simply can't trust end-nodes to self-report security posture, as they'll be subverted and will then misreport. I also noted that posture assessment doesn't matter, anyways, as the miscreants always find ways around (or even to exploit) antivirus and other end-point protective measures - and pointed out that it isn't scalable, anyways, even within small organizations.
These flaws aren't specific to any one vendor's implementation; rather, it's the fundamental concept which is unworkable.
Events have validated these misgivings, given the essentially zero uptake of NAC-type solutions in the industry in the 6 years or so since its introduction. It's quite surprising to see the utterly discredited NAC canard being raised yet again in the context of a Parliamentary enquiry.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken