Solved

NAC (Network Access Control) - ET

Posted on 2014-01-09
Last Modified: 2014-01-10
We're doing a proposal for a customer who is requesting NAC services on their LAN switches. They would like to control which computers are able to access the network (by MAC address). Other NAC services would also be helpful, such as:
 - Check computer for AV software prior to connecting to network.
 - Connect guest computers (non-authorized PCs) to a separate LAN.

I don't know much about NAC. So far I found two: HP Identity Driven Management Software and Bradford Networks. Does anyone have experience with these or others?

Typically we use HP switches, so we would prefer to stick with those; however, we are open to others.
Question by:tabush
2 Comments
 
LVL 26

Expert Comment

by:Soulja
ID: 39769137
I have experience with Cisco ISE, but don't know how well it would work with HP switches.
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 39770214
I've tested them all, I swear it. Far and away the "best" is ForeScout, but that isn't saying too much. PacketFence is a free open source solution that was better than most commercial offerings you'll find on Gartner's MQ.

Scanning for patches and AV is going to make the admins happy on one hand, sad on the other. The happy part, you get a great inventory, esp. with ForeScout, but the sad part is you cannot do anything to the users' machines directly using the NAC products. Especially guests, or non-company hosts. Would you let another admin from a separate and probably unrelated business patch and "secure" your users' computers? Do not go down the "remediation" path, all NAC systems fail. The only thing you can do with NAC is a glorified inventory.
I'll bring in my computer, your NAC scans it, sees I have AV patched and updated, the OS is updated too. I use a "free" AV I got from a Russian site, has all the same settings and registry entries, does no real scanning. NAC is only a CYA technology, and it doesn't cover your *** that well. A user can turn off their AV, or a virus can, or a user can be infected while updated and fully patched. NAC does nothing other than inventory in the end.
I tell my customers, you've gone this long without it, keep it that way. Ban BYOD, it's your network, you do not have to let everyone else dictate what you allow on your network... Set up an internet-only guest wifi, and give them that. People can then check their email over webmail/gmail etc... There is no reason to let people on your FULL internal network. NAC can automate some tasks for guests, and lock them down, but what for, all they need is internet, so cut out the middle man.
http://www.experts-exchange.com/Security/Misc/A_12736-Bring-Your-Own-Device-Security-NAC-MDM.html
-rich