Enterprise IT Watch Blog

Aug 24 2010   6:09AM GMT

Access Denied: 7 Steps to Crafting NAC Policy

Melanie Yarbrough

There are many phases to creating a wireless network, from planning to deploying. But concerns for your network don’t end there; beyond initial setup and deployment come management and security. One of the big monsters in network security is the end user, so security and network management begin with securing and managing who has access to your network.

Determining the Placement of Your Network Access Control

When choosing a method for Network Access Control (NAC), consider the following:

1. Level of security:

  • User identity management versus just the computer’s identity.

2. Network infrastructure versus endpoint-based approach (server software on an appliance versus a network switch):

  • Network-based systems boast better centralized control, easily set enterprise standards, and NAC protection for remote users accessing the VPN.

3. Depth of network monitoring:

  • For endpoint security: check the PC at login only, or monitor it continuously the whole time it’s on the network?
  • Consider the lesser of two costs: NAC monitoring costs versus fix costs for malware or break-ins.

The most important part of crafting your NAC policy is understanding what your organization needs before shopping for solutions, to ensure all needs are met.

4. Vendor-provided solution, in-house API solutions or a mixture of the two:

  • Depending on your organization’s needs, scan customization may be the only option if the vendor’s native solution does not suffice.

5. In case of data loss:

  • The best protection happens before data loss, so consider disk encryption to prevent increased mobility from compromising sensitive data.
  • Less obvious than the dangers of a misplaced or stolen laptop is data leakage; ward against it with tools such as data fingerprinting and removable media monitoring or blocking.

6. Personal versus professional machines:

  • To prevent the hazards of end users mixing work and play on work machines, desktop virtualization allows the creation of two mutually exclusive entities to prevent data leakage or movement.

7. Taking action:

  • Just as catching a fish takes both the fish taking the bait and you reeling it in, NAC is not effective unless endpoint security threats are dealt with properly and in a timely manner. Whether it’s through the vendor-provided NAC solution or an in-house patch management system, be sure that scanning is followed up with patching.
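The sketch below is an added example, not code from the original post or from any NAC product. It shows how the choices in steps 1, 3 and 7 change an admission decision: user versus machine identity, login-only versus continuous checks, and a failed scan producing remediation work. All field names, the 30-day patch threshold and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

# All names, fields and thresholds below are hypothetical, chosen for illustration.
MAX_PATCH_AGE_DAYS = 30

@dataclass
class Endpoint:
    machine_known: bool       # computer identity verified (step 1)
    user_authenticated: bool  # user identity verified (step 1)
    disk_encrypted: bool      # step 5
    patch_age_days: int       # days since last successful patch run
    av_running: bool

def failed_checks(ep: Endpoint) -> list[str]:
    """Return the posture checks the endpoint currently fails."""
    failures = []
    if not ep.disk_encrypted:
        failures.append("disk_encryption")
    if ep.patch_age_days > MAX_PATCH_AGE_DAYS:
        failures.append("patch_level")
    if not ep.av_running:
        failures.append("antivirus")
    return failures

def decide(ep: Endpoint, require_user_identity: bool = True) -> tuple[str, list[str]]:
    """Map identity and posture to (action, remediation tasks)."""
    if not ep.machine_known:
        return "deny", []
    if require_user_identity and not ep.user_authenticated:
        return "deny", []
    failures = failed_checks(ep)
    if failures:
        # Step 7: a failed scan must produce follow-up work, not just a block.
        return "quarantine", [f"remediate:{f}" for f in failures]
    return "allow", []

def session(snapshots: list[Endpoint], continuous: bool) -> list[str]:
    """Replay posture snapshots; login-only mode keeps the first decision."""
    actions = []
    for i, ep in enumerate(snapshots):
        if i == 0 or continuous:
            actions.append(decide(ep)[0])
        else:
            actions.append(actions[0])
    return actions

# Constructed sample: compliant at login, antivirus stopped mid-session.
SAMPLE = [Endpoint(True, True, True, 3, True), Endpoint(True, True, True, 3, False)]
```

Replaying `SAMPLE` with `continuous=False` leaves the endpoint allowed for the whole session, while `continuous=True` moves it to quarantine once the antivirus stops.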

Now that you’re ready to go shopping, check out what your fellow IT Knowledge Exchange members recommend as great resources for building the ultimate network security and troubleshooting utility belt. From Wireshark to Tasklist to the ever-popular Spiceworks, there are plenty of options for securing your painstakingly planned and built network.

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.
