NAC is about more than security at UNC
When the University of North Carolina at Chapel Hill implemented network
access control campus-wide last spring, it was as much a natural progression
of the school's network
management strategy as it was a security
project.
"We view good management as equal to security and security as equal to
good management," said Mike Hawkins, associate director of networking for
UNC Chapel Hill, during his talk at the recent Network World IT Roadmap Conference
& Expo in Dallas.
To many, NAC implies solutions that interrogate end devices to ensure they
have proper security controls in place before they are allowed on the network.
At UNC, it's more about automating the implementation of acceptable-use policies
that the school has had in place for years. And while tales abound of NAC rollouts
that require wholesale network infrastructure upgrades, UNC has NAC working
on switches that are as many as 7 years old and come from multiple vendors.
Of course it helped that UNC was in on the ground floor with its NAC vendor,
enabling it to help shape what the product looked like. (Because of university
policy against endorsing vendors, UNC declined to name vendors for this story.)
Background
UNC Chapel Hill, the second-oldest public university in the United States, has
some 28,000 students, 3,100 faculty and 7,500 staff. Altogether, some 35,000
users of traditional computing devices connect to its network each day along
with about 50,000 other types of devices, ranging from soda machines to parking
gates and water meters.
For years the university has been applying acceptable-use policies to its switch
ports to dictate what each type of device can and cannot do when it connects
to the network. While that worked well enough, it was a manual, static process
to assign an acceptable-use policy each time a new device wanted to connect.
The university's NAC implementation brings a new level of automation to the
table, said Jim Gogan, director of networking at UNC Chapel Hill. "The
issue is how to provide the appropriate policies for whatever class of device
wants to connect," he says. If a utility group connects a steam meter,
the network should immediately recognize the device is a steam meter and apply
the appropriate policy. That saves the network group from having to get involved
every time some specialized device needs to connect.
"This is precise, granular edge control over what goes on in the network,"
Hawkins said. "I see very few NAC solutions that are actually doing this."
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
