|
Contractor Control
Insurance association deploys NAC technology to control guest access.
HIPAA compliance requirements plus the need to control vendors and contractors accessing its network drove Government Employees Health Association to look for a NAC solution. One incident in particular made NAC a necessity for the insurance company, which serves federal employees and retirees and has more than 221,000 health plan members.
"One day we were looking at the DHCP server and saw an unfamiliar host name that had obtained an IP address. We hunted it down and sure enough, a consultant had plugged a laptop into our network," says Justin Gerharter, senior systems engineer at GEHA. "That was the slap in the face that turned NAC from being a want into a need."
The organization installed Nevis Networks LANenforcer appliances across 1,800 edge switch ports to protect its workforce, which counts approximately 800 employees. The biggest benefit has been the ability to control contractors and other guests, Gerharter says: "We can allow vendors or whoever to plug their laptop in and give them access only to what they need, which is usually just the Internet."
GEHA isn't yet using the devices' client integrity scanning features.
"We're in reporting-only mode, which allows us to see what's going on," Gerharter says.
The logs help not only with compliance but with troubleshooting. "We can go back and see where every user went when they logged on during the day," Gerharter says. "We have audit trails of where every user is going. That helps with HIPAA compliance and post-mortem if something happens. We can go back and see if it originated from an endpoint."
GEHA initially deployed the Nevis technology to its network operations center and expanded from there. The deployment took about five weeks and didn't require the purchase of any additional hardware or software, or necessitate changes to ...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
existing security policies. "It was just a drop in," Gerharter says.
The organization is primarily a Windows shop, but does have IP phones that required some additional steps to get them to authenticate through the NAC appliance.
"It just takes adding a MAC address to an allow list," he says.
Engineers at GEHA installed two LANenforcer 2024 devices plus the LANsight management appliance, which provides a central place to up-date endpoint policies. Getting accustomed to the management functions required a short learning curve but in the end they are pretty straightforward, Gerharter says.
In August, GEHA planned to add two more 2024s for high availability. It also was set to install two LANenforcer 1048 Secure Access Switches for the organization's Citrix servers.
GEHA is using McAfee software to protect endpoints from spyware and malware, but may add Nevis client integrity scanning if tests go well.
The IT department was testing the functionality but testing was halted when many in the department upgraded to Vista because the Nevis agent didn't support the new operating system. When GEHA gets the latest code release from Nevis installed, it will resume testing. If all goes well, it will roll out the agent as an additional layer to its endpoints, Gerharter says.
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
Implementor Justin Gerharter, senior systems engineer
Company Government Employees Health Association
Size of deployment 1,800 access switch ports
Problem/solution NAC appliances provide guest control and monitoring solution for compliance
[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]
[IMAGE]
|
