Network Access Control Pilot
We’re getting going (rather late in the year) with a pilot of a network access control system. Essentially, the system prevents network access to devices that don’t meet policy regarding virus scanners, malware detectors, and patches. When a computer boots up, the access control system dumps it onto an untrusted network. From there, the computer can only see sufficient resources to get itself patched and up to standards according to our security policy. Then, when the access control system is satisfied with the state of the computer, it flips it onto the trusted network, and the system gets a new address and starts working normally.
This kind of system requires some pervasive changes to our network infrastructure, and integrates with our machines at the login level, so we’re doing the pilot to make sure that it will do all the things we need from it before we commit to a rather large expense. The intent is to reduce the impact and slow the spread of an outbreak of viruses or malware caused by inadvertently unpatched software or out-of-date virus scanners or malware detectors.
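The quarantine-then-promote flow described above, sketched as an added Python example (not part of the original post and not the piloted product's code). The policy thresholds, host names and the `Posture` and `Device` names are assumptions made up for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

# Assumed policy values and network names (hypothetical, not from the post).
MAX_SIGNATURE_AGE = timedelta(days=7)
REQUIRED_PATCH_LEVEL = 42
UNTRUSTED, TRUSTED = "untrusted", "trusted"
REMEDIATION_HOSTS = {"patch.example.internal", "av-updates.example.internal"}

@dataclass
class Posture:
    av_signature_date: Optional[date]   # None means no virus scanner found
    malware_detector_running: bool
    patch_level: int

def failures(p: Optional[Posture], today: date) -> List[str]:
    """Return every policy violation; an empty list means compliant."""
    if p is None:
        return ["no posture report"]    # fail closed: silence is not compliance
    out = []
    if p.av_signature_date is None or today - p.av_signature_date > MAX_SIGNATURE_AGE:
        out.append("virus scanner out of date")
    if not p.malware_detector_running:
        out.append("malware detector not running")
    if p.patch_level < REQUIRED_PATCH_LEVEL:
        out.append("patches missing")
    return out

class Device:
    def __init__(self, mac: str):
        self.mac = mac
        self.network = UNTRUSTED        # every boot starts on the untrusted network

    def may_reach(self, host: str) -> bool:
        # Untrusted devices see only what they need to get patched.
        return self.network == TRUSTED or host in REMEDIATION_HOSTS

    def evaluate(self, posture: Optional[Posture], today: date) -> List[str]:
        # Re-run on every report, so a device that drifts is demoted again.
        problems = failures(posture, today)
        self.network = UNTRUSTED if problems else TRUSTED
        return problems

if __name__ == "__main__":
    pc = Device("00:00:5e:00:53:01")    # constructed sample device
    today = date(2024, 1, 15)
    print(pc.evaluate(Posture(date(2024, 1, 1), True, 40), today), pc.network)
    print(pc.evaluate(Posture(date(2024, 1, 14), True, 42), today), pc.network)
    print(pc.evaluate(None, today), pc.network)
```

Treating a missing report as a failure is the design choice that matters here: a device whose agent is absent or disabled stays on the untrusted network instead of being waved through.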