Home > Other Work Stuff > Network Access Control Pilot

Network Access Control Pilot

We’re getting going (rather late in the year) with a pilot of a network access control system. Essentially, the system prevents network access to devices that don’t meet policy regarding virus scanners, malware detectors, and patches. When a computer boots up, the access control system dumps it onto an untrusted network. From there, the computer can only see sufficient resources to get itself patched and up to standards according to our security policy. Then, when the access control system is satisfied with the state of the computer, it flips it onto the trusted network, and the system gets a new address and starts working normally.

This kind of system requires some pervasive changes to our network infrastructure, and integrates to our machines at the login level, so we’re doing the pilot to make sure that it will do all the things we need from it before we commit to a rather large expense. The intent of it is to reduce the impact and slow the spread of an outbreak of viruses or malware caused by inadvertently unpatched software or out-of-date virus scanners or malware detectors.

About these ads
Categories: Other Work Stuff
  1. themonkman
    2008-01-10 at 22:50

    Are you using Cisco’s MARS system?

  2. 2008-01-14 at 15:59

    We are working with Cisco NAC.

  3. mikal saboor
    2008-03-10 at 07:09

    scott,

    How did your pilot work out?

  4. 2008-03-11 at 09:24

    The pilot worked out fairly well as far as we took it, with several pilot users using it for a couple of weeks without problems, authenticating to our Novell environment, getting remediation applied while being locked out, and then getting access granted.

    We have decided in the mean time to make some lower-level architectural changes to our networks for other reasons, and so we are putting the NAC deployment on hold until later this summer.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: