network access control: lessons learned
DESCRIPTION
Network Access Control: Lessons Learned. For AITP/STL November meeting David Strom, http://strominator.com (310) 857-6867. What you’ll learn today. Four successful deployments Seven requirements Five common pitfalls. Five common NAC pitfalls. - PowerPoint PPT PresentationTRANSCRIPT
http:://strominator.com 1
Network Access Control:
Lessons Learned
For AITP/STL November meeting
David Strom, http://strominator.com
(310) 857-6867
2http://strominator.com
What you’ll learn today
• Four successful deployments
• Seven requirements
• Five common pitfalls
3http://strominator.com
Five common NAC pitfalls
• Trying to protect everyone at once
• Failing to understand how many PCs really need remediation
• Having too many sources of security policies around your network
• Believing NAC works across your entire OS population
• NAC can introduce significant login delays
4http://strominator.com
Our four case studies
Product Site No. of clients
Microsoft Forefront Security
Allina Hospital, Minneapolis MN
23,000
Sophos Endpoint Control
TechTeam Global, Detroit 60 now, eventually 1,400
Still Secure SafeAccess A major multinational cosmetics corporation, NYC
20,000
Wave Systems Embassy Trust Suite, TNC
Papa Ginos Restaurants, Boston
250
5http://strominator.com
6http://strominator.com
7http://strominator.com
8http://strominator.com
9http://strominator.com
Multinational cosmetics company
10http://strominator.com
11http://strominator.com
12http://strominator.com
13http://strominator.com
Pre-deployment NAC guidance for managers
• I have found based on my interviews several things that our IT managers have learned and hope you can avoid their mistakes too!
14http://strominator.com
1. Support for non-XP clients is spotty
15http://strominator.com
2. Remediation isn’t easy
16http://strominator.com
3. You can’t protect everything
17http://strominator.com
4. Centralize security policy management
18http://strominator.com
5. Start with simplest elements
19http://strominator.com
6. Pick your pilot group carefully
20http://strominator.com
7. Decide whom you want to authenticate: PCs or users?
21http://strominator.com
Summary and conclusions
• NAC can be useful and successful with the right planning
• Match the product and strategy to your particular circumstances and test carefully
• Take it in baby steps, but keep your eye on the (eventual) remediation ball
