NAC recommendation

5 pts.
Tags:
Access control
Enterasys
Enterasys Networks
Network access control (NAC)
I am doing NAC research for my company to see what would be the best solution to implement it. We having serious problems with managed and unmanaged users coming onto the network which spread alot of viruses, thats why we need control who is coming onto the network.To give you some background info this is what the landscape looks like. There is a total of about 12000 users in our company We have an Enterasys backbone not all of the switches are 802.1X compliant i would say 70% is. We running Microsft environment, the hosts are running Vista and XP , servers are 2003 and a few 2008. We will be migrating to 2008 over the next 18 months. We have System Center Config manager doing our patches.We just implemented microsoft PKI. Symantec SEP11 is our AV software. What i was task to do is see if we can utilise our existing investment in implementing NAC and the cost associated to that and what a complete new solution other that what we have would cost to implement. My dilemma is knowing what all the vendors offerings are what would be the best solution for us to go with?. Is it out-of-band or in-line or both ? There is so many many things to consider and just feel overwhelmed at the moment with all the options. If anyone can assist in this decision i would really be gratefull.

Software/Hardware used:
microsoft, enterasys, symantec endpoint protection

Answer Wiki

Thanks. We'll let you know when a new response is added.

Disregard vendor claims. Installing a product is not a magic wand that makes problems disappear.

The specific problem you identified is “spread a lot of viruses.” You mention that this is a problem with managed users as well as unmanaged users.

Identify why there is a problem with the managed users. If SEP 11 is deployed, what has gone wrong? Use SCCM to collect information about the state of your SEP 11 deployment. Do clients have software installed and running, and are pattern files up to date? If not, get that problem fixed.

Selecting and installing a NAC product would be another way to tell you what SCCM can already tell you, but adds a way to enforce restricted network access. Don’t turn on restrictions without knowing how many people will be affected. Use your investment in SCCM first.

What are “unmanaged users?” Truly unmanaged (“we take no responsibility for their conduct”) or poorly managed (“home users with machines we haven’t taken responsibility for”)? How does a NAC product improve your management of unmanaged users?

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following