- 10 open source companies to watch
- Mythbuster busts his own tale
- $208 million petascale computer gets green light
- Sony recalls 73,000 Vaio laptops
- Chrome and Firefox and add-ons
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
When it comes to NAC and LAN security, I hear people talk about pre- and post-admission. What are the benefits of each?
The functions associated with pre- vs. post-admission NAC are quite different, and as a result, the benefits of each differ as well. Sometimes called pre- and post-connect, the terms refer to the features associated with admitting someone onto the LAN - the pre-admission steps - vs. the functions involved in controlling users after they're on the LAN - the post-admission features.
Pre-admission NAC includes authenticating a user's login credentials and checking whether the user's computer meets a company's security standards. These authentication and posture check steps are a critical first step to securing your LAN and provide several key benefits. First, you can use authentication to quickly separate corporate users from guests. You can further delineate between employees and contractors with authentication, provided you've included contractors in your authentication database and have designated them as such. This fundamental feature enables you to block access to anyone who doesn't belong on your LAN in the first place.
The posture-check step is key to preventing the spread of malware - primarily known malware. Posture-check or endpoint-validation technologies range in capabilities, but in general, they provide the benefit of detecting the presence of malware or other signs of a compromised system. Some of the more fully featured systems allow you to customize what the posture-check software should look for on a system, including changes to the Registry file, the presence of adware or spyware, or company-specific files or other markers that should be on company-owned assets.
To truly gain the malware-avoidance benefits of posture-check software, you'll need to look for solutions that can span both managed and unmanaged systems. If you're only ever checking the corporate-owned computers, for instance, you'll leave yourself open to infection by guest machines. Support for unmanaged machines will require downloadable or dissolvable posture-check software, since you won't be able to pre-load software on guest machines.
To sum up the benefits of pre-admission checks, you'll ensure that only the right people and "clean" machines are able to get onto your LAN.
Rss FeedRss Feed
Gartner summarizes its view on Application Delivery Controllers, evaluates strengths and weaknesses...
Vulnerability Management For DummiesDownload this concise book "Vulnerability Management for Dummies," to learn about the simple steps...
The ROI and TCO Benefits of Data Deduplication for Data Protection in the EnterpriseThis paper examines and quantifies the costs and benefits of backup with deduplication storage as...
Life on the edge of your WAN has changed dramatically. With the need to deliver advanced services,...
PoE Plus: Impact on the PoE MarketThe standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Harnessing the power of communications to increase workplace performanceDue to the convergence of IT and telecommunications technologies, the business workplace has been...
We have so many holes punched in our firewalls today that many industry insiders question the value...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment