Q:
NAC recommendation
I am doing NAC research for my company to see what would be the best solution to implement it. We having serious problems with managed and unmanaged users coming onto the network which spread alot of viruses, thats why we need control who is coming onto the network.To give you some background info this is what the landscape looks like.
There is a total of about 12000 users in our company
We have an Enterasys backbone not all of the switches are 802.1X compliant i would say 70% is.
We running Microsft environment, the hosts are running Vista and XP , servers are 2003 and a few 2008. We will be migrating to 2008 over the next 18 months. We have System Center Config manager doing our patches.We just implemented microsoft PKI.
Symantec SEP11 is our AV software.
What i was task to do is see if we can utilise our existing investment in implementing NAC and the cost associated to that and what a complete new solution other that what we have would cost to implement.
My dilemma is knowing what all the vendors offerings are what would be the best solution for us to go with?. Is it out-of-band or in-line or both ? There is so many many things to consider and just feel overwhelmed at the moment with all the options.
If anyone can assist in this decision i would really be gratefull.
Software/Hardware used:
microsoft, enterasys, symantec endpoint protection
There is a total of about 12000 users in our company
We have an Enterasys backbone not all of the switches are 802.1X compliant i would say 70% is.
We running Microsft environment, the hosts are running Vista and XP , servers are 2003 and a few 2008. We will be migrating to 2008 over the next 18 months. We have System Center Config manager doing our patches.We just implemented microsoft PKI.
Symantec SEP11 is our AV software.
What i was task to do is see if we can utilise our existing investment in implementing NAC and the cost associated to that and what a complete new solution other that what we have would cost to implement.
My dilemma is knowing what all the vendors offerings are what would be the best solution for us to go with?. Is it out-of-band or in-line or both ? There is so many many things to consider and just feel overwhelmed at the moment with all the options.
If anyone can assist in this decision i would really be gratefull.
Software/Hardware used:
microsoft, enterasys, symantec endpoint protection
ASKED:
Nov 10 2009 7:12 AM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
A:
RATE THIS ANSWER
0
Click to Vote:
0
Click to Vote:
- 0
0
The specific problem you identified is "spread a lot of viruses." You mention that this is a problem with managed users as well as unmanaged users.
Identify why there is a problem with the managed users. If SEP 11 is deployed, what has gone wrong? Use SCCM to collect information about the state of your SEP 11 deployment. Do clients have software installed and running, and are pattern files up to date? If not, get that problem fixed.
Selecting and installing a NAC product would be another way to tell you what SCCM can already tell you, but adds a way to enforce restricted network access. Don't turn on restrictions without knowing how many people will be affected. Use your investment in SCCM first.
What are "unmanaged users?" Truly unmanaged ("we take no responsibility for their conduct") or poorly managed ("home users with machines we haven't taken responsibility for")? How does a NAC product improve your management of unmanaged users?
