04:10 PM
Sharon Gaudin
Sharon Gaudin

At Interop, Security Talk Is Largely About Network Access Control

Here at Interop, there's a lot of focus on security and a lot of that security attention is aimed right at network access control. It's a hot-button topic here. The question plaguing many IT and security managers, though, might be where to get started.

Here at Interop, there's a lot of focus on security and a lot of that security attention is aimed right at network access control. It's a hot-button topic here. The question plaguing many IT and security managers, though, might be where to get started.After several years of availability but no real steam behind it, businesses are turning their attention to NAC. Big businesses. Small businesses. They're all talking about NAC here at Interop. With all of the news out in the past few years about intrusions, zombie computers, and data loss, NAC technology seems like a smart answer to a lot of security questions.

Network access control is largely about enabling IT managers to take control of who and what devices come onto their networks. When an employee, visitor, or contractor tries to log onto the network, a NAC solution can check to make sure that the machine isn't infected with any malware, that its software is patched and updated, and that antivirus products are running. And if it's a visitor logging on, well, she doesn't need access to the company network, just an Internet connection.

I've been interviewing a lot of vendors about NAC this week. What it's all about… what it can do for a company… what it can't do… and the challenges around deploying it. I've talked with people from Identity Engines, Juniper Networks, LANdesk Software, and Microsoft. There's some interesting things coming up in the area and I'll be reporting on them soon.

But there's one common theme to most, if not all, of these interviews.

How should companies get started with it? How much is not enough? And maybe even worse, how much is too much?

You can set up a NAC solution to check and see if a desktop, laptop, or smartphone has antivirus running and updated software. However, you also could set it up to check for a slew of other things, like configurations and settings. If you go whole-hog on this, the machines coming onto your system will be safe and clean as a whistle. The problem, experts told me, is that very few systems may actually be able to get onto your system.

And what would that do to productivity?

Paul Mayfield, a group program manager at Microsoft, said there are some basic steps to follow when setting up a NAC solution.

First, decide what your policy is going to be. Where are the areas you really need to provide protection for versus areas you're not so worried about? And then start out slowly. Get your feet wet. Don't worry about setting up the system to check for more than just a few things right out of the gate.

And this is key -- go through every desktop, every laptop, and every handheld device or smartphone to make sure they all comply with your new network access regulations. If you don't do this, you might have a big mess on your hands the day you flip the switch. Mayfield advises that managers may want to set it up so people who aren't in compliance at the beginning get a window of time to get their systems into compliance. After a matter of days or a week, they'll be excluded from the network if they aren't up to speed.

"When you're thinking about your policy, it's about bringing your teams together to work through this process," said Mayfield.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
SEC: Companies Must Disclose More Info on Cybersecurity Attacks & Risks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  2/22/2018
Facebook Aims to Make Security More Social
Kelly Sheridan, Associate Editor, Dark Reading,  2/20/2018
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.