Archive for March, 2007

Element detection, a perfect example why NAC solutions are not born equal

Saturday, March 31st, 2007

According to my definition, at its basis, a network access control solution is first and foremost a security solution. It must ensure that only authorized devices are allowed to access and operate on the enterprise LAN. Only after the NAC solution has established that an element is authorized to operate on the enterprise LAN should other access control tests, such as tests that validate the device posture, be initiated.

The access policy should be defined prior to the deployment of NAC, so that the NAC solution is able to enforce it.

Although it sounds logical and straightforward that a network access control solution should guard against unauthorized access, for many NAC solutions this is not so…

Operating without contextual network information, these NAC solutions can only act on the elements they are aware of, and not on all of the devices that are actually operating on the enterprise LAN.

In this situation a rogue device can be attached to the enterprise LAN, use its resources, and put the stability, operation and integrity of the enterprise LAN at risk.

In my opinion this is a serious threat. If the NAC solution you are evaluating is not able to perform element detection in a complete, accurate and real-time manner, it is not the solution you should buy.
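The two-step policy described above (element detection first, posture tests only for elements already known to be authorized), as an added Python example that is not part of the original post. The observation export format, the authorized inventory and the posture reports are all constructed sample data; a real deployment would feed these from switch MAC tables, DHCP/ARP data and an endpoint agent.

```python
"""Element detection first, posture second: compare what is actually on the
LAN with what the NAC solution knows about, then check only authorized hosts."""

# Constructed sample: devices seen on the wire (think ARP/DHCP/switch MAC
# table exports), one "<mac> <ip> <switch-port>" per line. Hypothetical format.
OBSERVED = """\
00:11:22:33:44:01 10.0.1.10 gi1/0/1
00:11:22:33:44:02 10.0.1.11 gi1/0/2
DE:AD:BE:EF:00:01 10.0.1.200 gi1/0/7
00:11:22:33:44:03 10.0.1.12 gi1/0/3
garbage line
"""

# Constructed sample: elements the NAC solution has authenticated.
AUTHORIZED = {"00:11:22:33:44:01", "00:11:22:33:44:02"}

# Constructed sample posture reports (e.g. from an endpoint agent), by MAC.
POSTURE = {
    "00:11:22:33:44:01": {"av_updated": True, "patched": True},
    "00:11:22:33:44:02": {"av_updated": False, "patched": True},
}


def parse_observed(text):
    """Return (mac, ip, port) tuples; MACs normalised to lowercase."""
    elements = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of guessing
        elements.append((parts[0].lower(), parts[1], parts[2]))
    return elements


def evaluate(elements, authorized, posture):
    """Step 1: anything observed but not authorized is rogue, regardless of
    posture. Step 2: posture tests run only for authorized elements."""
    verdicts = {}
    for mac, _ip, port in elements:
        if mac not in authorized:
            verdicts[mac] = "rogue: isolate " + port
        elif mac not in posture:
            verdicts[mac] = "authorized: no posture report, restrict"
        elif all(posture[mac].values()):
            verdicts[mac] = "authorized: compliant"
        else:
            failed = sorted(k for k, v in posture[mac].items() if not v)
            verdicts[mac] = "authorized: non-compliant " + ",".join(failed)
    return verdicts
```

The unauthorized hosts on ports gi1/0/7 and gi1/0/3 are flagged purely from the wire view, which a NAC solution that only consults its own inventory would never see.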

ShmooCon ’07 – Some tough questions about NAC

Wednesday, March 28th, 2007

I have just got back home from ShmooCon ’07 where I gave a presentation about bypassing NAC (an updated presentation). Overall the conference was a very good one (content wise), and well organized with about 1200 attendees.

From the number and type of questions I have been asked during my presentation and afterwards, it seems IT professionals are now asking more tough questions about NAC. It is surely a trend I have identified after my BlackHat 2006 presentation, where a growing number of people now understand what NAC is, what it should and should not provide, and are asking the right questions about NAC.

A NAC solution that can be bypassed or does not identify elements operating on the network is not a solution someone should consider. It actually creates a false sense of security and cannot meet an organization’s compliance requirements.

Richard Bejtlich of Tao Security did a nice write-up about the conference and about my talk.

First impressions of the Apple TV

Sunday, March 25th, 2007

Apple TV is now available from your local Apple store. 300 USD is its price tag (no cables included).

Other than the hype and the cool menu system, is Apple TV worth the money, and is it better than its competition (e.g. Netgear EVA8000, etc.)?

The remarks I have regarding Apple TV currently sum up to the content it allows you to play on your TV. Apple TV will play iTunes-based content only. And one of the biggest drawbacks I find with it is the inability to play XviD-based content (while its competition can).

Usability wise, Apple TV is far better than its competition. If usability is what you are looking for, then Apple TV is a clear winner (and it is something most people would be able to install and handle). If the content is what concerns you, then Apple TV might not be your choice.

Currently the number of bugs associated with Apple TV is far smaller than that associated with its competition. But only time will tell whether Apple will learn from its first release, add additional capabilities, and fix what is needed.

I cannot ignore the fact that you pay $300 but you do not get any cables with Apple TV. You need to add another $20 to get these. I think this is lame, and it reminds me of the MacBook Pro story with the $50 modem. It is time Apple understands this is not the right thing to do.

In the meantime there are several sites and write-ups which offer Apple TV hacks. One of them is Apple TV Hacks, and the other is a thread over at Something Awful, which discusses how to get “xvid working on the Apple TV”.

For the time being I am not going to get the machine. I am waiting for the second generation. In my opinion I cannot trust Apple anymore with its first-generation products.

More Apple MacBook Pro Hardware Issues

Saturday, March 24th, 2007

My MacBook Pro is a first-generation MacBook Pro with the Intel Core Duo processor. From day one I had several hardware issues with the machine, which ended when Apple completely replaced my machine.

Nowadays, I have found that most of these problems are back. My display needs replacing (according to Apple), my optical drive does not read DVDs anymore, and my battery will not charge. The machine is 8 months old…

To my surprise I am not the only one who suffers from hardware issues with the MacBook Pro. Some of my friends suffer from these as well. One of them had his MacBook Pro Intel Core 2 Duo machine replaced, only to find the same problem persisted with the new machine he received. His problem is that the power adapter will not charge the machine… My friend is now considering either getting his money back or getting a MacBook instead.

In my opinion, which I have expressed in the past, Apple is no longer shipping quality hardware products, and this is going to cost them in the near future, with people turning away from Apple hardware.

Airbus A380 Test Drive

Saturday, March 24th, 2007

Popular Mechanics has an excellent piece on the new Airbus A380. The write-up includes video footage of the plane from the outside and inside. I must say that after reading the review and viewing the video I am OK with taking a flight on one of those in the future.