University flunks NAC endpoint checks

* At Columbia University Medical Center more than half the machines using the network flunked endpoint checks

Use of NAC at Columbia University Medical Center in New York City revealed that slightly more than half the machines using the network flunked endpoint checks.

As part of the school’s pilot of Bradford Networks’ NAC gear, machines were scanned as they tried to gain network access during the 2007 summer session, according to a recent presentation by the company at Network World’s IT Roadmap event in Washington, D.C.

The equipment found that 53% of the machines either lacked operating system patches or virus updates that were required for any machine joining the network.

This finding points out the importance of running trials before turning on NAC devices. Many network executives have endpoint configuration policies in place, and may even use automated update platforms to keep them in compliance, but compliance may be dismal nevertheless.

Some early adopters have reported that they turned NAC on without first running it in monitoring mode and had a horrible surprise. And so did their end users. Machines out of compliance were rejected, so many that the company help desk was swamped with complaints from users denied network access.

Running NAC in monitoring mode, identifying the scope of the problem and remediating it before initially turning on the devices in enforcement mode can save these headaches, particularly if the NAC gear doesn’t automatically direct users to remediation.

To view presentations from the Network World IT Roadmap event, go here, you’ll have to create an account with a user name and password. There’s no questionnaire, so it’s pretty fast. Then choose Washington, D.C. from the dropdown menu.

Learn more about this topic

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)