NAC is about more than security at UNC
When the University of North Carolina at Chapel Hill implemented network
access control campus-wide last spring, it was as much a natural progression
of the school's network
management strategy as it was a security
project.
"We view good management as equal to security and security as equal to
good management," said Mike Hawkins, associate director of networking for
UNC Chapel Hill, during his talk at the recent Network World IT Roadmap Conference
& Expo in Dallas.
To many, NAC implies solutions that interrogate end devices to ensure they
have proper security controls in place before they are allowed on the network.
At UNC, it's more about automating the implementation of acceptable-use policies
that the school has had in place for years. And while tales abound of NAC rollouts
that require wholesale network infrastructure upgrades, UNC has NAC working
on switches that are as many as 7 years old and come from multiple vendors.
Of course it helped that UNC was in on the ground floor with its NAC vendor,
enabling it to help shape what the product looked like. (Because of university
policy against endorsing vendors, UNC declined to name vendors for this story.)
Background
UNC Chapel Hill, the second-oldest public university in the United States, has
some 28,000 students, 3,100 faculty and 7,500 staff. Altogether, some 35,000
users of traditional computing devices connect to its network each day along
with about 50,000 other types of devices, ranging from soda machines to parking
gates and water meters.
For years the university has been applying acceptable-use policies to its switch
ports to dictate what each type of device can and cannot do when it connects
to the network. While that worked well enough, it was a manual, static process
to assign an acceptable-use policy each time a new device wanted to connect.
The university's NAC implementation brings a new level of automation to the
table, said Jim Gogan, director of networking at UNC Chapel Hill. "The
issue is how to provide the appropriate policies for whatever class of device
wants to connect," he says. If a utility group connects a steam meter,
the network should immediately recognize the device is a steam meter and apply
the appropriate policy. That saves the network group from having to get involved
every time some specialized device needs to connect.
"This is precise, granular edge control over what goes on in the network,"
Hawkins said. "I see very few NAC solutions that are actually doing this."
The term NAC typically conjures images of solutions that interrogate end devices
to ensure they have proper security controls in place before they are allowed
on
Win an Amazon Kindle!
This month's giveaway gadget - Amazon's Kindle - will keep you entertained on the long trip home to visit family and friends over the holidays. Enter the drawing now!
Applied Security Visualization
By Raffael Marty
Published by Addison-Wesley Professional
Learn more!
IT Manager's Handbook
By Bill Holtsnider and Brian D. Jaffe
Published by Morgan Kaufmann
Learn more!
Windows Vista Resource Kit
By Mitch Tulloch, Tony Northrup, and Jerry Honeycutt
Published by Microsoft Press
Learn more!
