Network Computing is part of the Informa Tech Division of Informa PLC

NAC As A Training Tool: Page 2 of 2

Colleges have the rather unique problem of a large, unmanaged user base, but we can translate some of their experiences and needs to the enterprise, where a different set of conditions is in force.

  • Determining a priori who needs access to which services is a time-consuming and error-prone task. NAC products from vendors like ConSentry Networks, Nevis Networks, and Vernier Software and Technology that can track network usage based on destination servers, ports, and even protocol usage are well suited to determining who is doing what. You can also use packet and flow analysis at critical points in your network without deploying NAC. Once you have a picture of how users are using network resources, you can begin to figure out what resources they should be accessing.
  • You can monitor network usage, and if a user attempts to access a resource they shouldn't, you can inform them of the violation and provide a means to request an access exception. You would need a process to handle those exceptions quickly, but you will be able to balance both access control and business needs. I bet if one person needs access to resources, others that are similar will need it as well.
  • You can use a soft touch on hosts that are out of compliance to inform users that an update is necessary and that a reboot may occur, so they need to either save their work now or leave the computer on overnight. If, after a few days of prompts (depending on how critical the configuration change is), they don't acknowledge the required update, then perhaps you force the update regardless. The soft touch balances the need to update systems with the potential for disrupting computing services.
  • You can monitor network activity and discover rogue hosts, personal computers, access points, and other systems that IT may not be aware of. Some of these services may be necessary for the business and cutting them off may not be a viable option. But it adds up to knowing what is out on the network and bringing previously unknown devices under the view of IT.

Not all NAC systems really offer the features to support soft-touch NAC. The decisions are often binary in nature and, depending on the product, you may have to do some custom development, like creating a landing page that offers links to updates and patches, to provide the soft touch.
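
The flow-based profiling and soft-touch decisions described above can be sketched in a few functions. This is an added example, not code from the article or from any NAC product; the flow records, group names, 60% usage threshold, and grace periods are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample flow records: (user, group, destination server, port, protocol).
FLOWS = [
    ("alice", "finance", "erp01", 443, "tcp"),
    ("bob",   "finance", "erp01", 443, "tcp"),
    ("carol", "finance", "erp01", 443, "tcp"),
    ("alice", "finance", "fs02",  445, "tcp"),
    ("bob",   "finance", "fs02",  445, "tcp"),
    ("carol", "finance", "git01", 22,  "tcp"),
    ("dave",  "eng",     "git01", 22,  "tcp"),
    ("erin",  "eng",     "git01", 22,  "tcp"),
    ("erin",  "eng",     "erp01", 443, "tcp"),
]

# Assumed grace periods (days of prompting) by how critical the change is.
GRACE_DAYS = {"critical": 1, "routine": 3}

def build_baseline(flows, min_share=0.6):
    """Per group, keep the services used by at least min_share of its observed users."""
    users = defaultdict(set)
    seen = defaultdict(lambda: defaultdict(set))
    for user, group, server, port, proto in flows:
        users[group].add(user)
        seen[group][(server, port, proto)].add(user)
    return {
        group: {svc for svc, who in svcs.items()
                if len(who) / len(users[group]) >= min_share}
        for group, svcs in seen.items()
    }

def access_decision(baseline, group, service, exceptions=frozenset()):
    """Soft touch: out-of-profile access produces a notice, not a silent drop."""
    if service in baseline.get(group, set()) or (group, service) in exceptions:
        return "allow"
    return "notify_and_offer_exception"

def compliance_action(first_prompt, today, criticality="routine"):
    """Keep prompting during the grace period, then force the update."""
    overdue = (today - first_prompt).days >= GRACE_DAYS[criticality]
    return "force_update" if overdue else "prompt_user"

if __name__ == "__main__":
    profile = build_baseline(FLOWS)
    print(profile)
    print(access_decision(profile, "finance", ("git01", 22, "tcp")))
    print(compliance_action(date(2024, 1, 1), date(2024, 1, 4)))
```

Granted exceptions are passed in as `(group, service)` pairs, so an exception approved for one user's group covers similar users without another request.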