Sep 28, 2007 (08:09 PM EDT)
IT Survival Guide: NAC Success Depends On A Solid Foundation
Read the Original Article at InformationWeek
What's that? Your CEO played golf with a sales rep and is ready to cut a check for a pile of new network access control gear?
Don't clear space on the loading dock just yet--the most difficult part of NAC is developing the policies that will determine when and how computers may access network resources. Policy development must be completed before you even consider product features.
NAC policies require that computers have the latest patches and are in an acceptably secure configuration for the tasks they're trying to perform and the data they're attempting to access. Based on how a computer lives up to these preset requirements, access controls determine the servers and services it can access. An enforcement component can ensure that an out-of-spec system is directed to an update site or given access to the Internet only.
Any number of actions could be applied. At the wishy-washy end, you could grant network access with a warning. Or maybe before allowing the consultant to connect, you have him sign a guest agreement in which he states that his laptop has up-to-date security protection. What's important is deciding up front.
PLAYS WELL WITH OTHERS?
Lining up your existing network equipment against the multiple assessment and enforcement methods a NAC product has available to support your policies is also critical. For example, while 802.1X is a robust and secure enforcement method, some infrastructure gear doesn't support 802.1X and can't be upgraded. An alternate enforcement plan will be needed until new switches are in the cards.
If you lay the groundwork by tailoring your policy requirements to what you're trying to accomplish with NAC and pair that with your existing and planned network infrastructure, your purchase and deployment will be far less stressful.