Ofir Arkin of Insightix (http://www.insightix.com/) raised questions about the efficacy of NAC technologies, saying that the current generation of NAC solutions is riddled with holes.

For example, NAC solutions that work DHCP (Dynamic Host Configuration Protocol) proxy servers, which are deployed in between a DHCP server and a LAN, offer little protection from machines that obtain static IP addresses for their network connections, rather than using DHCP. That makes significant portions of enterprise networks invisible to the NAC access control products, Arkin said.

NAC solutions that enforce access through network switches, such as Cisco Systems' Network Admission Control, were also cited as having weaknesses. For example, Cisco's NAC technology is specific to its switches and routers, but enterprises often use a mixture of switching and routing gear. Hackers can find their way into an enterprise network simply by finding and connecting through a unmanaged switch, Arkin said.

In an interview with InfoWorld, Cisco CSO John Stewart said NAC is in its infancy and has a ways to go before it will provide comprehensive security, but added that wasn't a reason not to adopt it.

"The technology's immature. But [NAC] will increase my capability to keep my network in good condition," Stewart said.