Network Access Control: Lessons Learned
http://strominator.com
Network Access Control:
Lessons Learned
For AITP/STL November meeting
David Strom, http://strominator.com
(310) 857-6867
What you’ll learn today
• Four successful deployments
• Seven requirements
• Five common pitfalls
Five common NAC pitfalls
• Trying to protect everyone at once
• Failing to understand how many PCs really need remediation
• Having too many sources of security policies around your network
• Believing NAC works across your entire OS population
• NAC can introduce significant login delays
Our four case studies
| Product | Site | No. of clients |
| --- | --- | --- |
| Microsoft Forefront Security | Allina Hospital, Minneapolis MN | 23,000 |
| Sophos Endpoint Control | TechTeam Global, Detroit | 60 now, eventually 1,400 |
| Still Secure SafeAccess | A major multinational cosmetics corporation, NYC | 20,000 |
| Wave Systems Embassy Trust Suite, TNC | Papa Ginos Restaurants, Boston | 250 |
Multinational cosmetics company
Pre-deployment NAC guidance for managers
• Based on my interviews, I have found several things that our IT managers have learned, and I hope you can avoid their mistakes too!
1. Support for non-XP clients is spotty
2. Remediation isn’t easy
3. You can’t protect everything
4. Centralize security policy management
5. Start with simplest elements
6. Pick your pilot group carefully
7. Decide whom you want to authenticate: PCs or users?
Summary and conclusions
• NAC can be useful and successful with the right planning
• Match the product and strategy to your particular circumstances and test carefully
• Take it in baby steps, but keep your eye on the (eventual) remediation ball