- Chinese Internet censorship: An inside look
- Desktops of the future here today
- What network CEOs really make
- DoD sold counterfeit network gear
- Sci-Fi's goofiest gadgets and technology
Rss FeedRss Feed
Crackin' the Kraken bot. Listen now!
Wireless dangers at airports. Listen now!
Migrating to a new messaging system is a tedious, complex and risky process. And since this isn’t something you do everyday, you need to know "best practices" to ensure a successful migration.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
Discover the benefits of paravirtualization in this informative webcast today. This server virtualization-themed webcast not only explores how to improve virtualized server performance, but provides real-world user examples, explains how to optimize workloads and discusses the future of server virtualization. Focus on only the themes that interest you or watch all six consecutively for a full picture of how you can lower your costs significantly through consolidation and virtualization. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
First of all, thank you for the note.
While no test is going to be perfect, expecially when wireless...- Craig Mathias
NAC vendors claim their technology can be used to meet requirements of governmental and industry regulations, and a California security consultant says he has used it for just that.
Mirage NAC gear installed in Evans Hotels in San Diego helps the chain meet Payment Card Industry standards, not all of the standards by itself, but some of them, says Peter Bybee, president and CEO of security consulting firm Network Vigilance.
For instance PCI calls for restricting connections between publicly accessible network segments and data about credit card holders. NAC policies can be set with the Mirage gear to block specific interactions among machines, effectively creating the type of separation called for by the standard, Bybee says.
PCI calls for implementing primary server functions on separate physical servers to isolate key applications and data from other services that may be insecure. Simplifying the configuration of each hardware server reduces the opportunity for compromise.
A NAC policy could restrict traffic to one of these dedicated servers to a certain type, thereby demonstrating to PCI auditors that the server is performing a single function. So DNS traffic would not be allowed to and from a DHCP server, for example.
PCI also calls for antivirus software to run on certain endpoints as well as maintaining certain patch levels for software and operating systems. Part of NAC checking includes these items, so it can be used to enforce these requirements and log that the enforcement has occurred.
In some cases PCI calls for and intrusion prevention system to perform some of these functions, but Bybee says NAC can fill the bill. “The auditor doesn’t care if it’s IDS, IPS or NAC, just whether it fulfills the requirement,” he says.
This case happens to deal with Mirage NAC equipment, but these examples could apply to NAC gear made by other vendors. The point is that it shows how NAC can be in the mix of tools used to meet network security regulations (Compare NAC products).
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
RE: Using NAC to comply with industry regulationsBy tuomoks on February 14, 2008, 2:04 pmYes, NAC can solve some or most of the technical requirements. But giving a clean bill based only on the NAC solution forgets, as usually, that the real endpoint...
Reply | Read entire comment
View all comments