NAP to be 'kicked out' of Vista

Microsoft's Network Access Protection tools could be removed for being too complex

Microsoft’s Network Access Protection (NAP) technology may be dropped from its forthcoming Windows Vista operating system, while the industry remains divided over the definition of network access control (NAC) and the problems it is trying to solve.

Jan Guldentops, director of the BA Test Labs, dismissed NAP as vapourware and said it was too complex for Microsoft to get working in time for the Vista launch, or for enterprise buyers to understand.

“Microsoft is better at creating hype than creating solutions. It promises that NAP is going to be in Vista, but it said a lot of other things were going to be in Vista that won't be, like its new file system and search engine. I think that NAP also will be kicked out eventually,” he said.

Jeff Prince, CTO and chairman of network security firm ConSentry Networks, said that all existing NAC solutions, including Microsoft’s NAP, are too complex for the specific security access issues that IT managers need to address.

“Most times it is about controlling guest and client access, and it’s about information lifecycle management (ILM). Those are the real problems that enterprises want to solve. The things that NAC addresses have yet to evolve in the enterprise,” he said.

“NAC will help ensure that end-points are compliant with certain policies, so that IT managers know if patches to antivirus, firewalls and IPS have been installed [on user devices]. But will it actually bring more security, that is the question to be asked?” added Johann Beckers, European director of technology solutions at Internet Security Systems (ISS).

Peter Crowcombe, director of enterprise marketing at Juniper Networks, believes vendors should concentrate on building more interoperable access control solutions and put the same effort into LAN security that they have into more vulnerable WANs.
“We need to address the LAN space as well and make it simple and seamless with the WAN. We need to protect stupid people and dangerous people; those are the two main culprits in network security,” he said.