As it sets up a network access control infrastructure to run herd on the wide range of transient workers who have legitimate needs to access its network, Mercy Medical Center in Baltimore has bumped into business challenges that are proving more difficult than the technical ones.
Those who need to gain network access include residents, interns, rotating medical staff, nurses and doctors from other hospitals with credentials to practice at Mercy, says Mark Rein, director of IT.
They use devices ranging from notebooks to PDAs and mobile phones. “At any given time I have people on my network and I have no idea who they are and who is maintaining their equipment,” he says.
Soon after he started working at the hospital nine months ago, he set about looking for NAC gear that could check whether machines signing onto the network meet security standards and authorize them to access only those resources they need to reach.
“We had one person dedicated for three months just testing NAC products,” he says, declining to say which ones. “We’ve been under non-disclosure with several companies the last nine months.”
He finally settled on ConSentry’s LANShield to scan machines for compliance, then restrict them to the resources they are cleared to reach. The device can also divert machines that fail the scans to sites where they can get the updates they need to pass.
But before he could get the device to work, he had to determine which workers had legitimate needs to access which resources. Some workers need to access the hospital information system, with its broad patient information including insurance details; others may just need access to medical records, he says.
“First you need to understand your user base, where they need to go, where they don’t need to go and segregating their traffic appropriately,” Rein says.
“You have to identify what you’re trying to protect, identify different segments you might need to set up,” Rein says. That translates into policies set up for the ConSentry gear to enforce. “The policy gets to what you need to know and what you don’t need to see,” he says.
Rein says he was attracted to ConSentry because it requires no installation of clients on all the legitimate machines that need to be scanned and no creation of extensive virtual LANs (VLANs) to segregate users from resources, as other schemes require. “It decomplicates a lot of what Cisco and everybody else tried to complicate by creating thousands of different VLANs or hundreds of VLANs to segregate your traffic,” he says.
