NAC is about more than security at UNC
When the University of North Carolina at Chapel Hill implemented network
access control campus-wide last spring, it was as much a natural progression
of the school's network
management strategy as it was a security
project.
"We view good management as equal to security and security as equal to
good management," said Mike Hawkins, associate director of networking for
UNC Chapel Hill, during his talk at the recent Network World IT Roadmap Conference
& Expo in Dallas.
To many, NAC implies solutions that interrogate end devices to ensure they
have proper security controls in place before they are allowed on the network.
At UNC, it's more about automating the implementation of acceptable-use policies
that the school has had in place for years. And while tales abound of NAC rollouts
that require wholesale network infrastructure upgrades, UNC has NAC working
on switches that are as many as 7 years old and come from multiple vendors.
Of course it helped that UNC was in on the ground floor with its NAC vendor,
enabling it to help shape what the product looked like. (Because of university
policy against endorsing vendors, UNC declined to name vendors for this story.)
Background
UNC Chapel Hill, the second-oldest public university in the United States, has
some 28,000 students, 3,100 faculty and 7,500 staff. Altogether, some 35,000
users of traditional computing devices connect to its network each day along
with about 50,000 other types of devices, ranging from soda machines to parking
gates and water meters.
For years the university has been applying acceptable-use policies to its switch
ports to dictate what each type of device can and cannot do when it connects
to the network. While that worked well enough, it was a manual, static process
to assign an acceptable-use policy each time a new device wanted to connect.
The university's NAC implementation brings a new level of automation to the
table, said Jim Gogan, director of networking at UNC Chapel Hill. "The
issue is how to provide the appropriate policies for whatever class of device
wants to connect," he says. If a utility group connects a steam meter,
the network should immediately recognize the device is a steam meter and apply
the appropriate policy. That saves the network group from having to get involved
every time some specialized device needs to connect.
"This is precise, granular edge control over what goes on in the network,"
Hawkins said. "I see very few NAC solutions that are actually doing this."
The term NAC typically conjures images of solutions that interrogate end devices
to ensure they have proper security controls in place before they are allowed
on
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Enterprise 2.0 Implementation
By Aaron C. Newman, Jeremy Thomas
Published by McGraw-Hill
Learn more!
Deploying Cisco Wide Area Application Services
By Zach Seils, Joel Christner
Published by Cisco Press
Learn more!
