Using NAC to comply with industry regulations - Network World

Skip Links

DNSstuff.com
Get information about your IP
IP Information
50+ On-demand DNS and network tools

Security

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library.  Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.
Audio

Crackin' the Kraken bot. Listen now!

Network World's Newsmaker of the Week

Wireless dangers at airports. Listen now!

Network World Panorama

Additional Resources

RSS

FEATURED REPORTS

Executive Guide: Storage Heats Up HP

Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.

RSS

FEATURED WEBCASTS

Get Real-world Advice on how to Cost Effectively Consolidate your Data Center Novell

Discover the benefits of paravirtualization in this informative webcast today. This server virtualization-themed webcast not only explores how to improve virtualized server performance, but provides real-world user examples, explains how to optimize workloads and discusses the future of server virtualization. Focus on only the themes that interest you or watch all six consecutively for a full picture of how you can lower your costs significantly through consolidation and virtualization. Register below to learn more and be entered to win an Archos 605 Portable Media Player.

IT Buyer's Guides

View All Buyer's Guides

Free Newsletters

Sign up and receive the latest news, reviews and trends on your favorite technology topics

Save The Date!
What They Are Saying

First of all, thank you for the note. While no test is going to be perfect, expecially when wireless...- Craig Mathias

Join the Discussion

Using NAC to comply with industry regulations

* How NAC can be used to meet network security regulations
Security: Network Access Control Alert By Tim Greene , Network World , 02/14/2008
Tim Greene
Sign up for this newsletter now!
  • Social Web 
  • Email 
  • Feedback 
  • Close

NAC vendors claim their technology can be used to meet requirements of governmental and industry regulations, and a California security consultant says he has used it for just that.

Mirage NAC gear installed in Evans Hotels in San Diego helps the chain meet Payment Card Industry standards, not all of the standards by itself, but some of them, says Peter Bybee, president and CEO of security consulting firm Network Vigilance.

For instance PCI calls for restricting connections between publicly accessible network segments and data about credit card holders. NAC policies can be set with the Mirage gear to block specific interactions among machines, effectively creating the type of separation called for by the standard, Bybee says.

PCI calls for implementing primary server functions on separate physical servers to isolate key applications and data from other services that may be insecure. Simplifying the configuration of each hardware server reduces the opportunity for compromise.

A NAC policy could restrict traffic to one of these dedicated servers to a certain type, thereby demonstrating to PCI auditors that the server is performing a single function. So DNS traffic would not be allowed to and from a DHCP server, for example.

PCI also calls for antivirus software to run on certain endpoints as well as maintaining certain patch levels for software and operating systems. Part of NAC checking includes these items, so it can be used to enforce these requirements and log that the enforcement has occurred.

In some cases PCI calls for and intrusion prevention system to perform some of these functions, but Bybee says NAC can fill the bill. “The auditor doesn’t care if it’s IDS, IPS or NAC, just whether it fulfills the requirement,” he says.

This case happens to deal with Mirage NAC equipment, but these examples could apply to NAC gear made by other vendors. The point is that it shows how NAC can be in the mix of tools used to meet network security regulations (Compare NAC products).

Comments (1)
Login
Forgot your account info?

RE: Using NAC to comply with industry regulationsBy tuomoks on February 14, 2008, 2:04 pmYes, NAC can solve some or most of the technical requirements. But giving a clean bill based only on the NAC solution forgets, as usually, that the real endpoint...

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.
First Name
Last Name
E-mail
Zip Code