Seeking Answers with Network Access Control
NAC is about managing how people and devices attach to the network and how IT controls the data you have permission to access

Corporate BYOD growth is prompting enterprises to take a closer look at their networks and their approach to security. As this initiative grows, along with the increased need to keep the network and its data secure, more IT professionals are reconsidering network access control (NAC). In fact, a recent Ogren Group research report, "Network Access Control: A Strong Resurgence is Underway,"[1] estimates that the NAC market grew to $392 million in 2012 and will sustain a strong 22 percent CAGR through 2017, taking the market to more than $1 billion per year.

Two or three years ago, NAC was in the top ten IT project list, but it was always one of the first projects to hit the chopping block if there were budget constraints. Now as the BYOD phenomenon accelerates, so does the need to keep the corporate network and its data secure. This trend is driving more IT professionals to seek the answer to this question, "Are we ready for NAC?"

Now that your management has the NAC bug, what do you do? Where do you start? Who is involved? There are a lot of questions that need to be asked and answered, and in this article I'll offer suggestions to set you on the right path.

Let's break it down:

What do you want to accomplish?
As the name states, network access control is about managing how people and devices attach to the network and how IT controls the data you have permission to access. The first step is a plan that defines what it is you want to do.

A BYOD program is the most common driver of NAC demand today. However, it is often confused with a Guest Access program. NAC can certainly help with both, but make sure that you know the difference. BYOD initiatives focus on allowing employees to access corporate data from personal devices such as tablets, smartphones and laptops. Many times, management will allow employees to bring their personal devices into the office but limit their use to Internet access only. This scenario is essentially Guest Access and is not a BYOD initiative. When planning for either scenario, you should verify whether your employees are going to use their LDAP (Active Directory, eDirectory, etc.) credentials to gain access to data on the corporate network, or whether pre-determined credentials configured on the NAC appliance will be used for access. Finally, if you want to allow employees to access corporate information, decide how much access to allow. NAC can help with all this.

Another consideration is whether you want to limit what employees can access based on their role, location, time of day, etc. For example, there is no reason for someone in the finance department to access the data center, as there is no reason for them to be in the data center in the first place. Conversely, there is no reason for IT to access the payroll server (except for maintenance). With NAC, you can set policies and checks to help you manage access. These policies include, but aren't limited to, anti-virus verification (which brands of AV are supported and whether the AV is the most current version), operating system checks (what OS is running and whether all patches are applied), and application checks (whether unauthorized applications are running or required applications are missing). There are many more options to consider. When you are looking at implementing a NAC solution, make sure that you know what you are looking for.

Another advantage of using NAC is that it automates the on-boarding of "headless" devices. Headless devices include printers, IP cameras, and phones. A NAC solution such as CounterACT has the ability to identify and classify any device that could potentially connect to your network, both wired and wireless. Once a device has been identified, NAC will be able to provide the necessary access to the network.

How do I manage access?
Now that you have a clear picture of what you want to accomplish, determine the best approach to achieve those varied tasks. Some tasks manage the access while others interrogate the endpoints to make sure that they meet the policies that you have put in place.

When managing access to the network, there are generally two different methods: VLAN reassignment and Access Control Lists (ACLs). ForeScout has another alternative called Virtual Firewall. This feature allows you to control access of any device attempting to connect to the network.

VLAN reassignment is the most common method for controlling access. When a device connects and has the appropriate authentication, NAC can move the device to the pre-determined VLAN. This is accomplished by integrating with the network switches, routers and wireless controllers. This dynamic VLAN assignment is temporary, and when a device disconnects and another device connects, a new VLAN can be assigned to that port or within the SSID.

Dynamic ACLs are another method of enforcement. While not as widely utilized, they can be equally effective, and in some cases a combination of VLANs and ACLs is used. For example, a user can connect to the network, be assigned to a VLAN, and, based on their authentication, have ACLs in place to limit their access.
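
The access decision described in the sections above, written out as an added example (not part of the original article and not any vendor's product code): the endpoint checks select a VLAN and an ACL together. Every VLAN ID, role name, ACL entry and application name is a hypothetical value, and placing non-compliant devices in a quarantine VLAN is an assumption of this example.

```python
from dataclasses import dataclass, field

# Every VLAN ID, role, ACL entry and application name here is a hypothetical
# value constructed for this example; ACL strings are not vendor syntax.
GUEST_VLAN, HEADLESS_VLAN, QUARANTINE_VLAN = 90, 40, 99
ROLE_POLICY = {
    "finance": (20, ["permit payroll-server", "deny datacenter-net"]),
    "it": (30, ["permit datacenter-net", "deny payroll-server"]),
}
BANNED_APPS = {"p2p-client"}
REQUIRED_APPS = {"disk-encryption"}

@dataclass
class Endpoint:
    kind: str                     # "user" or "headless" (printer, IP camera, phone)
    role: str = ""                # role returned by the directory lookup
    authenticated: bool = False   # directory credentials verified
    av_current: bool = False      # supported AV at the current version
    os_patched: bool = False      # all OS patches applied
    apps: set = field(default_factory=set)

def posture_failures(ep):
    """Run the endpoint checks the article lists; return the ones that fail."""
    failures = []
    if not ep.av_current:
        failures.append("antivirus not current")
    if not ep.os_patched:
        failures.append("missing OS patches")
    if ep.apps & BANNED_APPS:
        failures.append("unauthorized application")
    if REQUIRED_APPS - ep.apps:
        failures.append("required application missing")
    return failures

def decide(ep):
    """Return (vlan, acl, reasons) for a connecting endpoint, failing closed."""
    if ep.kind == "headless":
        return HEADLESS_VLAN, ["permit device-services"], []
    if not ep.authenticated or ep.role not in ROLE_POLICY:
        # No corporate identity or unknown role: Internet-only guest access.
        return GUEST_VLAN, ["permit internet", "deny corporate-net"], []
    failures = posture_failures(ep)
    if failures:
        # Known user, non-compliant device: isolate until remediated.
        return QUARANTINE_VLAN, ["permit remediation-server"], failures
    vlan, acl = ROLE_POLICY[ep.role]
    return vlan, list(acl), []
```

The order of the checks is the design point: identity is settled before posture, and anything the policy table does not recognize falls through to guest access instead of a corporate VLAN.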

Who is involved?
When it comes to NAC and implementing a solution, it is important to involve other teams, in addition to the networking and security teams, since NAC directly impacts the network. The network team needs to be brought in because NAC requires integration with the network equipment. This includes SNMP read/write as well as privileges to make changes to the switch configuration. Another team to consult is security, as there are generally specific requirements or policies that need to be in place to maintain corporate security. Additionally, NAC involves the interrogation of the endpoints, so the desktop support team should be included. Whether utilizing an agent or using an agentless method, the endpoint will have changes made to it and the desktop team needs to be informed.

As you can see, a lot of decisions and considerations need to be made when planning for NAC. The better prepared you are and the more time you spend planning, the more successful the implementation will be. In a dynamic world, things change, and a NAC solution needs to be dynamic too. As new business and security policies emerge, it is critical to integrate them with your NAC plans.

Reference

1. Eric Ogren, The Ogren Group, "Network Access Control: A Strong Resurgence is Underway," March 6, 2013.

About Ken Daniels
Ken Daniels is a Channel Systems Engineer at ForeScout Technologies. For the last 20 years, he has been a sales/systems engineer primarily focused on networking. His career included working in IT for 3Com and Motorola, as well as several startup companies where his efforts helped lead to successful acquisitions. A background in wireless networking has given him a unique perspective in Network Access Control (NAC) especially given the BYOD phenomenon that is currently driving NAC market growth. Ken has helped many large national and international organizations develop networking solutions. He has extensive experience working with the channel to train technical teams to design, sell, and implement network and security solutions.
