At BlackHat this week, Ofir Arkin, CTO of network scanner and asset management vendor Insightix, points out a few technical issues with the way NAC, as envisioned by Cisco, is currently designed. Among them:
All good points, but I believe technical arguments against NAC, Network Admission Control, are outweighed by more fundamental problems with trusting endpoints to report their health. See my column on NAC vs Secure Network Fabric published last week.
The confusing thing about this debate is that those companies that do Network Access Control use the NAC acronym as well. To keep it simple, just remember: Access Control, good. Admission Control, bad.