Cram Session: Network Access Control

Waiting on Microsoft

Fulton County selects Microsoft's NAP scheme as the low-cost option, but deployment is predicated on SMS and Longhorn ship dates

Fulton County in Georgia is about as far along as any place in implementing Microsoft's version of network access control. But even Fulton County won't be able to put Microsoft's Network Access Protection (NAP) into production for several more months.

The Microsoft endpoint protection architecture delivers what the county wants -- the ability to check the status of machines before they gain network access -- but the individual pieces aren't ready yet, says Robert Taylor, the county's CIO and director of IT.

Taylor has had Microsoft's Vista client, which enables NAP, on his PC since July 2005 as part of a Microsoft beta program. But the county is waiting for Longhorn Server and an upgrade to Microsoft Systems Management Server (SMS) that will make it possible to push Vista out to 5,000-plus users.

Without that SMS upgrade, deploying NAP would be too time-consuming. "So what we have to end up doing is basically running around from PC to PC and doing it manually. I don't have enough resources to do that," Taylor says.

The county wants to take advantage of its Microsoft enterprise software license to add NAP protections without extra costs by leveraging Vista, which reports on the status of endpoints, and Active Directory in conjunction with Longhorn server, which supply and enforce NAP policies.

The county considered using Cisco's Network Admission Control, but the $170,000 bid was too expensive. "With Microsoft, NAP is bundled within the product itself, and so we don't have to pay the $170,000 to get it. It's strictly economics," Taylor says.

Blasted by Blaster

With NAP making sure county computers have properly patched operating systems and security software updated and switched on, the network will be less vulnerable to attacks such as the Blaster worm that brought Fulton County jails to their knees in 2004, Taylor says.

Blaster ravaged the network during an agonizing four days in which there was no access to state and federal crime databases. "You could not let people in the jail or let people out of the jail," Taylor says. "You've got a little old lady out there saying my son's been in jail, and he didn't do anything wrong, but they're keeping him in there and won't let him out, and it's all IT's fault."

Other key benefits of NAP include less time spent fixing infected machines, a task that ties up one or two technicians per day reimaging them. And NAP will save time and money in the maintenance budget, Taylor says.

Contractors for the county who join the network via VPNs will be checked by NAP, making sure their machines also are clean. "We won't have to worry if they're compromising us," he says.

NAP also will support IPSec encryption of sensitive data, which will help the county meet Health Insurance Portability and Accountability Act regulations, Taylor says. Vista and Longhorn server supply the VPN components. "We don't have to go out and buy third-party software to do encryption. That's a big cost, too," he says.

Fulton County plans to start testing NAP next month when SMS is expected to ship. "The whole NAP rollout initiative will start after that, maybe in the second or third quarter of 2007," Taylor says.
