In a presentation at this year's Black Hat Briefings conference in Las Vegas, Arkin raised questions about the efficacy of NAC technologies from vendors such as Cisco, Microsoft, and Symantec, saying the current generation of NAC solutions are riddled with holes that make it easy for hackers to circumvent their protections.

A Cisco executive acknowledged that the technology has a ways to go before it provides comprehensive protection.

In a wide ranging presentation that mostly avoided dissections of specific products, Ofir said that across the board NAC solutions have holes or vulnerabilities in their protections that could be used by malicious hackers to gain entry to NAC protected networks.

For example, NAC solutions that use DHCP (Dynamic Host Configuration Protocol) proxy servers to enforce security policy do nothing to stop machines that obtain static IP addresses for their network connections, rather than using DHCP. That makes significant portions of enterprise networks invisible to the NAC access control products, Arkin said.

NAC solutions that enforce access through network switches, such as Cisco Systems' Network Admission Control, also have weaknesses, Arkin said.