IT Survival Guide: NAC Success Depends On A Solid Foundation

To succeed with network access control, lay the groundwork. Develop policies and inventory your current security infrastructure to maximize integration.

What's that? Your CEO played golf with a sales rep and is ready to cut a check for a pile of new network access control gear?

Don't clear space on the loading dock just yet--the most difficult part of NAC is developing the policies that will determine when and how computers may access network resources. Policy development must be completed before you even consider product features.

NAC policies require that computers have the latest patches and are in an acceptably secure configuration for the tasks they're trying to perform and the data they're attempting to access. Based on how a computer lives up to these preset requirements, access controls determine the servers and services it can access. An enforcement component can ensure that an out-of-spec system is directed to an update site or given access to the Internet only.

The Opportunity
>> COST CUTTING
Save money and integration time by selecting NAC products that work with your existing infrastructure. Generally, out-of-band NAC doesn't entail a per-client cost.
>> INNOVATION
Rather than controlling access at the network edge, consider flipping your model by centralizing resources in a well-protected data center.
>> KEYS TO SUCCESS
Know what problem you want to solve, and ensure that your NAC system supports required assessment and enforcement methods.

NAC policies contain two distinct parts: conditions, such as computer configuration, user name, or patch status, and actions that define how a system is controlled, such as forcing the computer to change its configuration or making a user log in or apply missing patches. Any of those actions may require a computer to access a server connected to a quarantine network. But what if a user is unable or unwilling to update? Say your high-priced business consultant refuses to perform remediation to conform with your policies. What then?

Any number of actions could be applied. At the wishy-washy end, you could grant network access with a warning. Or maybe before allowing the consultant to connect, you have him sign a guest agreement in which he states that his laptop has up-to-date security protection. What's important is deciding up front.
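
The conditions-and-actions model and the "decide up front" point above, sketched as an added example that is not part of the original article: a small first-match rule table plus a check that lists every endpoint state no rule decides. The condition keys, action names, and the closing deny rule are assumptions made for illustration, not any NAC product's policy syntax.

```python
from itertools import product

# Each rule: (conditions that must all match, action). First match wins.
# Keys and action names are constructed for this illustration.
POLICY = [
    ({"compliant": True}, "full-access"),
    ({"compliant": False, "will_remediate": True}, "quarantine-and-update"),
    ({"compliant": False, "will_remediate": False, "role": "guest",
      "signed_agreement": True}, "internet-only"),
]

# Every value each condition can take (constructed, deliberately small).
DOMAIN = {
    "compliant": [True, False],
    "will_remediate": [True, False],
    "role": ["employee", "guest"],
    "signed_agreement": [True, False],
}

def decide(rules, endpoint):
    """Return the action of the first rule whose conditions all match, else None."""
    for conditions, action in rules:
        if all(endpoint[key] == value for key, value in conditions.items()):
            return action
    return None

def uncovered_cases(rules):
    """Enumerate every possible endpoint state and list those no rule decides."""
    keys = list(DOMAIN)
    states = (dict(zip(keys, combo)) for combo in product(*DOMAIN.values()))
    return [state for state in states if decide(rules, state) is None]

# Closing the gap: state in advance what happens to anyone else who is
# out of spec and will not remediate (assumed here to be denial).
COMPLETE_POLICY = POLICY + [
    ({"compliant": False, "will_remediate": False}, "deny"),
]

if __name__ == "__main__":
    for gap in uncovered_cases(POLICY):
        print("no decision for:", gap)
    print("gaps after fix:", len(uncovered_cases(COMPLETE_POLICY)))
```

Running the coverage check against a draft policy before any product evaluation shows exactly which situations, such as the consultant who refuses remediation, still have no agreed outcome.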

PLAYS WELL WITH OTHERS?
Integration programs are popping up like mushrooms, but the number of products supported by NAC systems varies widely. Big vendors like Cisco and Microsoft boast 80 or more partners. Chances are, if your company uses common antivirus, authentication, and intrusion detection applications as well as management programs for computer configuration and patch management, they'll be supported by mainstream NAC products. Still, take the time to check and examine your plans to be sure the NAC vendor will support your choices going forward. Exceptions are not only costly to deal with, they can lead to coverage gaps.

Lining up your existing network equipment against the multiple assessment and enforcement methods a NAC product has available to support your policies is also critical. For example, while 802.1X is a robust and secure enforcement method, some infrastructure gear doesn't support 802.1X and can't be upgraded. An alternate enforcement plan will be needed until new switches are in the cards.

If you lay the groundwork by tailoring your policy requirements to what you're trying to accomplish with NAC and pair that with your existing and planned network infrastructure, your purchase and deployment will be far less stressful.
