Don't rush NAC implementations

RSA panelists recommend investigating NAC before implementing

Cloud Security Alert By Tim Greene, Network World
February 13, 2007 12:06 AM ET

Clarifying issues surrounding this emerging security architecture

The big lesson to learn from early NAC implementations: start preparing early.

Being rushed into these projects because a security problem puts a gun to your head is not the way to go, according to panelists who spoke at the RSA Conference last week.

Instead, they recommend investigating NAC and if it seems like it meets needs, go forward.

The steps they recommend are:

Related Content

* Evaluate the network infrastructure first to determine what NAC products it will and will not support.

* Gather representatives from all user groups to get them to buy into the project because it will change how they use the network.

* Analyze risk. NAC may not be needed to protect all network resources, and that will make for a smaller and simpler project. NAC can be expanded later as needed with the benefits of lessons learned.

* Test the products being considered. Do this in laboratories but also in live beta tests with limited end users to discover impacts the scheme might have that weren’t thought of initially.

* Go back to users to develop policies that NAC will enforce so groups don’t lose authorizations they need.

* Pick a vendor that seems engaged in creating interoperability with other vendors’ gear. This will pay off down the road when formal standards are developed because interest in standards now indicates a vendor will quickly upgrade to whatever is decided.

* Look for a vendor whose gear fits into a broader network security architecture.

Next time: Shortcomings these panelists found with NAC.

Read more about security in Network World's Security section.

Tim Greene is senior editor at Network World.