Experts Point to Weaknesses in NAC Security
By Matt Hines | Posted 2006-08-03
Black Hat Briefings: Security experts gathered at the Black Hat conference maintain that NAC systems, which are growing in popularity among enterprises, are vulnerable to a range of attacks.
LAS VEGAS - While Network Admission Control technologies are being heralded as a major step forward in helping to secure corporate IT infrastructures, security researchers contend that the tools remain open to a range of threats.
At the Black Hat Briefings security conference being held here July 31 through Aug. 3, experts identified a slew of potential techniques that hackers can employ to circumvent existing NAC technologies, including those offered by major vendors such as Cisco Systems. Ofir Arkin, chief technology officer at network monitoring software maker Insightix, of Framingham, Mass., highlighted a litany of backdoors and vulnerabilities he claims are present in many NAC installations.
Among the most critical weaknesses applicable to NAC environments are those revolving around the use of DHCP (Dynamic Host Configuration Protocol), which provides configuration guidelines for devices seeking to access a network. Since DHCP is one of the easiest methods for installing NAC infrastructures, a project that remains admittedly tough for even the most mature IT organizations, attacks against the technique, including the use of static IP (Internet Protocol) addresses by attackers to secretly gain access to a network, are a widespread issue, Arkin said.
"At the end of the day, when you're looking at companies using DHCP, many also have other address bases for servers and different types of end users, and someone can easily bypass such a system by assigning a static IP address to their machine," Arkin said. "And the detection element [of DHCP] only scans the network at Layer 3, with no knowledge of the network's topology. That also leads to the existence of other uncovered venues that could be used to provide access to the network."
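As an added illustration (not part of the eWEEK article or of Arkin's talk), one way a defender can surface the static-IP gap described above is to reconcile address/MAC pairs seen on the wire against DHCP leases and an approved static inventory. All addresses, names and data below are constructed for the example.

```python
import ipaddress

# Constructed sample data (not from the article): active DHCP leases, the
# approved static-address inventory, and (IP, MAC) pairs seen on the wire,
# for example from switch or ARP tables.
LEASES = {"10.0.1.50": "00:11:22:33:44:01", "10.0.1.51": "00:11:22:33:44:02"}
APPROVED_STATIC = {"10.0.2.10": "00:aa:bb:cc:dd:01"}
OBSERVED = [
    ("10.0.1.50", "00:11:22:33:44:01"),   # leased, matches
    ("10.0.2.10", "00:AA:BB:CC:DD:01"),   # approved static server
    ("10.0.1.200", "00:de:ad:be:ef:01"),  # no lease, not in inventory
    ("10.0.1.51", "00:de:ad:be:ef:02"),   # leased IP used by a different MAC
    ("10.0.2.10", "00:de:ad:be:ef:03"),   # approved static IP, different MAC
]

def norm_mac(mac):
    """Normalise MAC notation so comparisons ignore case and separators."""
    return mac.lower().replace("-", ":")

def audit(observed, leases, approved_static):
    """Return (ip, mac, reason) for hosts the DHCP-based NAC never admitted."""
    leases = {ipaddress.ip_address(ip): norm_mac(m) for ip, m in leases.items()}
    static = {ipaddress.ip_address(ip): norm_mac(m)
              for ip, m in approved_static.items()}
    findings = []
    for ip_text, mac in observed:
        ip, mac = ipaddress.ip_address(ip_text), norm_mac(mac)
        if ip in leases:
            # Address was handed out by DHCP, but to a different device.
            if leases[ip] != mac:
                findings.append((str(ip), mac, "lease-mac-mismatch"))
        elif ip in static:
            # Address belongs to a known static host, but the MAC differs.
            if static[ip] != mac:
                findings.append((str(ip), mac, "static-mac-mismatch"))
        else:
            # Host configured its own address and never went through DHCP.
            findings.append((str(ip), mac, "unleased-static-address"))
    return findings

if __name__ == "__main__":
    for finding in audit(OBSERVED, LEASES, APPROVED_STATIC):
        print(*finding)
```

The check depends on Layer 2 observations rather than a Layer 3 scan, and it does not by itself detect a spoofed MAC address.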