Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Request for Proposal: NAC Systems

    By
    Cameron Sturdevant
    -
    December 11, 2006
    Share
    Facebook
    Twitter
    Linkedin

      Controlling end-user network access is tied up with broader security concerns, including identity and authorization. Nonetheless, there are specific questions that IT managers should ask network access control vendors before moving ahead with an implementation of the technology, and most of these questions relate to endpoint configuration and remediation techniques.

      After testing several NAC products, attending NAC conferences, and speaking with NAC vendors and implementers, eWEEK Labs has come up with a set of model questions that can serve as the basis of a NAC RFP.

      First, though, IT managers must answer some important questions themselves: “Is there a problem?” and “What are the goals of the NAC project?”

      The best place to look for answers to these questions is the company help desk. If external machines connecting to the corporate network—such as devices used by contractors or traveling salespeople—have caused significant application downtime because of viruses or other malware infections, then the answer to the first question is “yes.” If such queries come back with inconclusive answers, then a legitimate case for considering NAC technology must be based on a thorough risk assessment.

      eWEEK Labs has found that NAC solutions can go a long way toward controlling problems that are caused by unmanaged machines in the hands of trusted users. NAC solutions increase in effectiveness when used to control unmanaged trusted users who conduct legitimate work for the organization. In fact, the more contractors and other temporary workers are used in an organization, the more likely it is that the organization can benefit from a NAC solution.

      SYSTEM CAPABILITIES

      • What are the component pieces of the NAC solution? (Check all that apply.)
      • All-in-one appliance
      • Software
      • In-line enforcement hardware
      • Out-of-band enforcement hardware
      • Permanently installed client
      • Temporary (dissolving) client
      • Which of the following does the NAC solution use?
      • Switch span port
      • VLANs (virtual LANs)
      • 802.1x supplicants
      • DHCP (Dynamic Host Configuration Protocol) with route spoofing

      NAC products are sometimes offered as part of a broader range of endpoint or network security tools. For example, Symantecs Symantec Network Access Control can use a single agent to also provide personal firewall and anti-virus protection.

      • What endpoints can be controlled? Check all that apply.)
      • Handhelds
      • Laptops/desktops
      • Devices connected via wireless
      • Devices connected via wire
      • Client operating system

      Which of the following endpoint assessments does the NAC system check for?

      • Programs that must be present to connect
      • Programs that must not be installed to connect
      • Client operating system
      • Windows Registry settings
      • Operating system patches
      • Application patches
      • Anti-virus program
      • Anti-virus pattern file

      Most NAC solutions are geared toward controlling Microsoft Windows-based endpoints. A few platforms, including Caymas Systems Caymas Access Gateway, also support Apple Computers Mac OS X-based endpoints.

      What types of authentication integration are supported?

      • Internal
      • LDAP
      • Active Directory
      • eDirectory
      • RADIUS

      What quarantine measures are supported?

      • Captive portal
      • Move to VLAN
      • Individual isolation
      • Direct to internal anti-virus remediation portal
      • Direct to external anti-virus remediation resource
      • Direct to internal patch server
      • Direct to external patch server
      • Direct to internal software update site
      • Direct to external software update site
      • Admit after successful remediation

      Post-admission-monitoring capabilities are:

      • Periodic, based on time interval
      • Periodic, based on endpoint behavior
      • There are no post-admission-monitoring capabilities

      Which access locations change assessment practices?

      • LAN
      • Wireless
      • IPSec (IP Security) VPN
      • SSL (Secure Sockets Layer) VPN
      • None

      NAC solution assumes that contractor/guest connections are:

      • The rule: The connections that will be controlled by this solution are almost always contractors or guests, not managed users
      • The exception: The NAC solution monitors all connections and operates most completely when endpoints are under full management control. Guest endpoints are assessed, but remediation may require outside resources

      During installation and normal use, the end user will:

      • Not be aware of the NAC solution
      • Notice the NAC solution during installation but not with normal use
      • Always see a tray icon or screen artifact

      All products provide warnings when end-user systems fail assessment and are not admitted to the network.

      POLICY CREATION AND SYSTEM MAINTENANCE

      Given the number of managed seats and locations we have specified, initial policy creation will likely take:

      • One to three days
      • Three to 10 days
      • More than two weeks

      Given the number of managed seats and locations we have specified, initial policy creation will likely involve:

      • One to three FTE (full-time equivalent) staffers
      • Three to five FTE staffers
      • More than five FTE staffers

      Given the number of managed seats and locations we have specified, day-to-day operations during an unexceptional month will likely require:

      • One FTE staffer
      • Two to three FTE staffers
      • More than three FTE staffers

      REPORTING

      Reports can be run:

      • In real time
      • On a schedule
      • Based on system templates
      • Completely ad hoc
      • From data imported from an outside database support

      SUPPORT

      • What are the terms and availability of basic support?
      • What premium support services are available, and how much do they cost?
      • What online help and training tools are available?

      COST-BENEFIT ANALYSIS

      • What does the product cost, including base costs and costs for additional features and components?
      • What are the various pricing options available?
      • What cost advantages will be realized by choosing this solution?

      REFERENCES

      Please provide reference customers that have completed a similar deployment, with similar numbers of users and applications in the same industry.

      Cameron Sturdevant
      Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at cameron.sturdevant@quinstreet.com.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×