Solved

NAC (Network Access Control) - ET

Posted on 2014-01-09
Last Modified: 2014-01-10
We're doing a proposal for a customer who is requesting NAC services on their LAN switches. They would like to control which computers are able to access the network (by MAC address). Other NAC services would also be helpful, such as:
 - Check computer for AV software prior to connecting to network.
 - Connect guest computers (non-authorized PCs) to separate LAN

I don't know much about NAC. So far I found two: HP Identity Driven Management Software and Bradford Networks. Does anyone have experience with these or others?

Typically we use HP switches, so we would prefer to stick with those; however, we are open to others.
Question by:tabush
2 Comments
 
LVL 26

Expert Comment

by:Soulja
ID: 39769137
I have experience with Cisco ISE, but don't know how well it would work with HP switches.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 39770214
I've tested them all, I swear it. Far and away the "best" is ForeScout, but that isn't saying too much. PacketFence is a free open source solution that was better than most commercial offerings you'll find on Gartner's MQ.

Scanning for patches and AV is going to make the admins happy on one hand, sad on the other. The happy part: you get a great inventory, especially with ForeScout. The sad part is you cannot do anything to the users' machines directly using the NAC products, especially guests or non-company hosts. Would you let another admin from a separate and probably unrelated business patch and "secure" your users' computers? Do not go down the "remediation" path; all NAC systems fail. The only thing you can do with NAC is a glorified inventory.
I'll bring in my computer, your NAC scans it, sees I have AV patched and updated, and the OS is updated too. I use a "free" AV I got from a Russian site; it has all the same settings and registry entries, and does no real scanning. NAC is only a CYA technology, and it doesn't cover you *** that well. A user can turn off their AV, or a virus can, or a user can be infected while updated and fully patched. NAC does nothing other than inventory in the end.
I tell my customers, you've gone this long without it, keep it that way. Ban BYOD; it's your network, and you do not have to let everyone else dictate what you allow on your network... Set up an internet-only guest Wi-Fi, and give them that. People can then check their email over webmail/Gmail etc... There is no reason to let people on your FULL internal network. NAC can automate some tasks for guests, and lock them down, but what for? All they need is internet, so cut out the middle man.
http://www.experts-exchange.com/Security/Misc/A_12736-Bring-Your-Own-Device-Security-NAC-MDM.html
-rich
0

Question has a verified solution.
