NAC Planning
There are certain questions which need to be answered before the deployment of NAC takes place.
There are certain criteria the customer should closely examine regarding the NAC solution and the NAC vendors before they are selected.
What are the reasons for your NAC consideration?
- The customer must understand what NAC adds to their existing solutions before considering it.
- The customer must understand the solution and perform a cost and benefit evaluation beforehand.
- Can NAC be implemented using existing and complementary solutions?
------------------------------------------------------------
Where in your network are you planning to place the NAC solution, and why?
Here are a few examples of where NAC can be installed:
- At the point of entry: switch or VPN device.
- At a deeper security layer: firewall.
- At the perimeter: remote access.
- Within the core network: routers.
- Multiple NAC enforcement points can be installed depending on the customer’s needs.
-------------------------------------------------------------------------
Are you planning to make use of existing security solutions in your network?
The answer should be: absolutely. Here are some considerations you need to share with the NAC vendor:
- How can the NAC solution make use of IPS and IDS systems installed in your network (if any)?
- How can the NAC solution make use of vulnerability scanners already existing in your system (if any)?
- How can the NAC solution best utilize firewalls, routers and switches installed in your network (if any)?
- How can the NAC solution make your security tools smarter by sharing information about users in your network?
- How can the NAC solution make use of your Identity Management solution (if any)?
- How can the NAC solution utilize Microsoft’s NAP (Network Access Protection)?
-------------------------------------------------------------
What steps are you planning to take to ensure that the installation and deployment of the NAC solution will not cause any interruption or problems in your existing network?
Here are some points you need to consider:
- Your network team, your security team and the vendor’s teams need to work together during design, installation, configuration and deployment of the solution.
- A detailed survey of the customer’s network must be conducted before NAC deployment.
- Maximize the usage of existing hardware and software solutions already used by the customer.
- If possible, install the solution modularly and test as you go.

Network Access Control (NAC) is a solution desired by many customers to secure their endpoints before those endpoints attempt to access the company network. NAC enforces policies set by the customer on endpoints. If an endpoint meets the policy requirements, it gets access to the network; if it does not, it is quarantined. The system can then attempt to apply patches and solutions to bring the endpoint into compliance with the policies.
Some customers are clearly confused about NAC and which solution to implement: agentless or agent-based, appliance-based or software-based, out-of-band or inline, and so on. Here are some of the consultation topics we helped one of our customers understand before actually implementing the NAC solution. FNG engineers completed a NAC project in Saudi Arabia in 2009.
---------------------------------------------------------------------

Questions to Direct to Your NAC Vendor
The following is a sample list of questions which should be directed to the NAC vendor or solution provider:
- Did your NAC vendor analyze your network infrastructure before proposing their NAC solution?
- Did your NAC vendor explain to your IT team where they are planning to install the NAC solution and why?
- Is your NAC vendor planning to utilize the existing security solutions deployed in your network?
- Is your NAC vendor willing to support and make use of the Network Flow Data?
- Is your NAC vendor willing to assess any possible redundancy in technologies or solutions already implemented in your system?
- Is your NAC vendor willing to give your team sufficient training to allow your IT team to operate the NAC solution independently of them?
- Is your NAC vendor going to provide enough information to the users or systems that have been denied access, and inform them of the steps which need to be taken to gain access to the network?
- Is your NAC vendor going to assure you that threats and vulnerabilities will be detected in real time before and during connections?
- Does the solution provided by the NAC vendor get updated automatically without user intervention?
- Does the solution provide custom policy and scanning configuration?
- Does the solution provide a reporting mechanism? What level of reporting does it provide (management / technical)?
- What kind of platform does the NAC solution support?
- Can the NAC vendor provide comparison data (benchmark data) against other popular products in the market?