
	Home > Ask the Security Experts > Network Security Questions & Answers > What to consider when deploying NAC products

Ask The Security Expert: Questions & Answers

EMAIL THIS

What to consider when deploying NAC products

EXPERT RESPONSE FROM: Mike Chapple

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 06 February 2007
Do you think network access control (NAC) technologies are mature enough for use?

EXPERT RESPONSE
It depends. I know of enterprises that currently run network access control (NAC) products with great success, and I've also seen cases where NAC projects were scrapped after encountering deployment issues.

The first key to a successful NAC implementation is to carefully research various tools and ensure that they are compatible with your existing infrastructure. If you're running in a fairly homogenous networking environment, it's a reasonable idea to give preference to the NAC product produced by your primary networking vendor. Not only will you have the best shot at interoperability, but you'll also have a single point of contact if you experience implementation issues. When production is down, there's nothing more frustrating than watching two vendors try to pass the buck back-and-forth.

The second key is to ensure the deployment of NAC is politically feasible in your organization. Before you try to roll out NAC, be sure to clear the policy and technology roadblocks by coordinating your deployment with key stakeholders. Here are some items you should consider:

Does your networking infrastructure support NAC or are significant upgrades necessary prior to NAC implementation?
Does your directory/authentication infrastructure support NAC? If you're going to place different requirements on different uses, this is key.
Are the vast majority of systems on your network compliant with your proposed NAC policy? If not, you should consider remediating those systems in advance of the deployment to avoid significant disruption.
How will you handle non-compliant systems? If they will be placed in a quarantine zone, will they have access to the resources (e.g. antivirus update servers, operating system patch servers) necessary to become compliant? If they will not be allowed any network access, how will they become compliant? Does your organization have the IT resources to handle a sudden rush of service orders?

More information:

Learn how NAC can boost host security.

Have network access control products lived up to the marketing hype?

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Network Security
	What warning signs will indicate the presence of a P2P botnet?
	What reporting tools are available for an enterprise IDS?
	Is it possible to allow select access to IP addresses using Windows Server 2003?
	Is an IPsec VPN necessary when connecting remote servers that process financial transactions?
	What are best practices for creating an IDS and maintaining a signature database?
	What are the best ways to hide system information from network scanning software?
	What are the security risks of opening all the ports on an internal router?
	Will Cisco's plan to open access to the IOS improve network security?
	Will VoIP attacks result in more than just spam?
	Should enterprises implement a mandatory iPhone VPN?

Endpoint Security

Companies Finding a Place for Maturing NAC Projects

Product Review: Sophos Endpoint Security and Control 8.0

PCI DSS 1.2 clarifies wireless, antivirus use

Hidden endpoints: Mitigating the threat of non-traditional network devices

Symantec launches Endpoint Management Suite

Symantec to offer Endpoint Management Suite

Sophos finds patching issues through endpoint NAC tool

Websense, Reconnex top Forrester ranking of DLP vendors

Cisco, EMC to partner on data protection, PCI

Product review: Promisec's Spectator

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

brute force cracking (SearchSecurity.com)

buffer overflow (SearchSecurity.com)

Crash Course: Spyware (SearchSecurity.com)

email spoofing (SearchSecurity.com)

endpoint security (SearchSecurity.com)

phishing (SearchSecurity.com)

rootkit (SearchSecurity.com)

social engineering (SearchSecurity.com)

tunneling (SearchSecurity.com)

Wired Equivalent Privacy (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy