
INFRASTRUCTURE STRATEGIES
NAC helps SMBs control network, costs
Michael Gregg, Contributor 01.09.2007




For large and small businesses alike, achieving optimal network security is a never-ending quest. But small and medium-sized businesses (SMBs), in particular, face many unique network security challenges due to their smaller budgets and staffs. Among them:
- Access control: SMBs face special challenges in tracking who has access to the network and whether that level of access is appropriately set.
- Malicious code: Most attacks against small businesses are automated and potentially debilitating. These attacks can appear as viruses, worms, Trojans and bots.
- Mobile device security: Mobile devices such as USB drives, iPods and camera phones allow data and information to be moved in and out of the network without normal access controls, creating a definite security hazard.
One potential solution to these issues is network access control (NAC). NAC offers administrators a way to verify devices meet certain health standards before they're allowed to connect to the network. Laptops, desktop computers or any device that doesn't comply with predefined requirements can be prevented from joining the network or can even be relegated to a controlled network where access is restricted until the device is brought up to the required security standards.
There are several different incarnations of NAC available. These include infrastructure-based NAC, endpoint-based NAC and hardware-based NAC.
Infrastructure-based NAC requires an organization to upgrade its hardware and/or operating systems. If your IT organization plans to roll out Microsoft Vista or has budgeted an upgrade of your Cisco infrastructure, you're well positioned to take advantage of infrastructure NAC.
Endpoint-based NAC requires the installation of software agents on each network client. These devices are then managed by a centralized management console.
Hardware-based NAC requires the installation of a network appliance. The appliance monitors for specific behavior and can limit device connectivity should noncompliant activity be detected.
Of the three methods of NAC deployment, most SMBs will find network appliances, or hardware-based NAC, the best fit. Deploying hardware-based NAC doesn't require an upgrade of operating systems or the purchase of all new networking gear. However, it is important to remember that these devices are not truly plug-and-play. Eric Maiwald, senior analyst at Burton Group Inc. in Midvale, Utah, cautions those considering the deployment of hardware-based NAC to have realistic expectations. "Hardware devices will require some policy configuration. Devices like printers, IP cameras, etc. will require the development of specialized policies. This involves some work."
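The admission decision described above (admit a compliant device, move a noncompliant one to a restricted network, refuse an unknown one, and give printers or IP cameras their own specialized policies) can be sketched as one policy function. This is an added example, not code from the article or from any NAC product; the health checks, threshold, VLAN numbers, MAC addresses and port names are all assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Every name, threshold and VLAN number here is an assumption made for this example.
PRODUCTION_VLAN, QUARANTINE_VLAN, DEVICE_VLAN = 10, 99, 30
MAX_AV_SIGNATURE_AGE_DAYS = 7

# Agentless devices cannot report their health, so each known one gets a narrow
# policy: keyed by MAC address and pinned to the switch port where it belongs.
AGENTLESS_POLICY = {
    "00:11:22:aa:bb:01": {"class": "printer", "port": "sw1/12"},
    "00:11:22:aa:bb:02": {"class": "ip-camera", "port": "sw2/03"},
}

@dataclass
class Posture:
    mac: str
    port: str
    has_agent_report: bool = False
    av_signature_age_days: int | None = None
    os_patched: bool = False
    firewall_enabled: bool = False

def admit(p: Posture) -> tuple[str, int | None, list[str]]:
    """Return (decision, vlan, reasons) for a device asking to join the network."""
    mac = p.mac.lower()
    if not p.has_agent_report:
        rule = AGENTLESS_POLICY.get(mac)
        if rule is None:
            return "deny", None, ["unknown device with no health report"]
        if rule["port"] != p.port:
            # MAC addresses are easy to copy, so the exception only holds on its port.
            return "deny", None, [f"{rule['class']} seen on unexpected port {p.port}"]
        return "allow", DEVICE_VLAN, [f"agentless {rule['class']} policy"]
    failures = []
    if p.av_signature_age_days is None or p.av_signature_age_days > MAX_AV_SIGNATURE_AGE_DAYS:
        failures.append("antivirus signatures out of date")
    if not p.os_patched:
        failures.append("operating system patches missing")
    if not p.firewall_enabled:
        failures.append("host firewall disabled")
    if failures:
        return "quarantine", QUARANTINE_VLAN, failures
    return "allow", PRODUCTION_VLAN, []
```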
Hardware-based NAC solutions are available from Cisco Systems Inc., Lockdown Networks, ConSentry Networks and Vernier Networks Inc. While these systems may not be as capable as infrastructure- and endpoint-based NAC, hardware-based NAC will reduce risk and limit exposure for a reasonable cost.
"The real benefit to SMBs is that these devices level the playing field and make it possible for smaller businesses to have a level of control that used to be found exclusively in the enterprise market," said Jim Cowden, chief security strategist at network security vendor Control Point in Newport Beach, Calif. "SMBs should query vendors as to the interoperability of their devices and assess what standards they are compliant with."
One such emerging standard is Trusted Network Connect (TNC). TNC is an effort to create interoperability among access control solutions from various vendors. Microsoft and Cisco offer two others: Microsoft's Network Access Protection (MNAC) and Cisco's Network Admission Control (CNAC). While all the standards attempt to build on the functionality of 802.1X, each is taking a somewhat different path.
While there may be no silver bullet when it comes to network security for SMBs, a hardware-based network access control solution is the next best thing. Hardware-based NAC offerings continue to mature from a technological perspective and they offer a network security solution at a reasonable price for SMBs.
Michael Gregg has been involved in IT and network security for more than 15 years. He is founder and CTO of Superior Solutions Inc., a risk assessment and security consulting firm, and the author of Hack the Stack: The Eight Layers of an Insecure Network.