Q

What to consider when deploying NAC products

There have been some network access control (NAC) success stories, but there has also been a fair share of NAC frustrations and deployment issues. In this expert Q&A, Mike Chapple has questions you should consider before implementing NAC products.

Do you think network access control (NAC) technologies are mature enough for use?

It depends. I know of enterprises that currently run network access control (NAC) products with great success,

and I've also seen cases where NAC projects were scrapped after encountering deployment issues.

The first key to a successful NAC implementation is to carefully research various tools and ensure that they are compatible with your existing infrastructure. If you're running in a fairly homogenous networking environment, it's a reasonable idea to give preference to the NAC product produced by your primary networking vendor. Not only will you have the best shot at interoperability, but you'll also have a single point of contact if you experience implementation issues. When production is down, there's nothing more frustrating than watching two vendors try to pass the buck back-and-forth.

The second key is to ensure the deployment of NAC is politically feasible in your organization. Before you try to roll out NAC, be sure to clear the policy and technology roadblocks by coordinating your deployment with key stakeholders. Here are some items you should consider:

  • Does your networking infrastructure support NAC or are significant upgrades necessary prior to NAC implementation?
  • Does your directory/authentication infrastructure support NAC? If you're going to place different requirements on different uses, this is key.
  • Are the vast majority of systems on your network compliant with your proposed NAC policy? If not, you should consider remediating those systems in advance of the deployment to avoid significant disruption.
  • How will you handle non-compliant systems? If they will be placed in a quarantine zone, will they have access to the resources (e.g. antivirus update servers, operating system patch servers) necessary to become compliant? If they will not be allowed any network access, how will they become compliant? Does your organization have the IT resources to handle a sudden rush of service orders?
More information:
This was first published in March 2007

Dig deeper on Client security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close