Security Manager's Journal: NAC deployment means better access control at last

A NAC initiative so far has revealed a whole lot of devices that don't meet the criteria for getting on the network.

By Mathias Thurman, Computerworld |  Security

We have a few corporate-sanctioned Linux machines and Macs. To control their access to the corporate network, we could install a NAC agent on each device, create exceptions by registering the devices' MAC addresses or obtain each device's SSH key so that the NAC tool can interrogate the device. As for iPads, iPhones and Android mobile devices, they will be routed to the guest network unless they connect via a VPN client.

At this point in our NAC deployment, we're only monitoring the activity and not actually enforcing network lockouts, so as not to disrupt business activity. It's a good thing, too, since a whole lot of devices are failing to meet even our initial security policy. In initial monitoring, more than 40% of the Windows PCs could not be properly interrogated. Many of them were domain members, but we could not determine if they were running the systems management software. This will have to be looked into, as will the plethora of Linux and Apple devices that are connected to the network but are not corporate owned.

This week's journal is written by a real security manager, "Mathias Thurman," whose name and employer have been disguised for obvious reasons. Contact him at

Join in the discussions about security!

Read more about security in Computerworld's Security Topic Center.

Originally published on Computerworld |  Click here to read the original story.
Join us:






SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

Ask a Question