- 12 myths about how the Internet works
- Smartphone smackdown: Storm vs. iPhone
- IETF: Should we ignore the Kaminsky bug?
- Top 10 wicked cool algorithms
- How to recession-proof yourself
When the University of North Carolina at Chapel Hill implemented network access control campus-wide last spring, it was as much a natural progression of the school's network management strategy as it was a security project.
"We view good management as equal to security and security as equal to good management," said Mike Hawkins, associate director of networking for UNC Chapel Hill, during his talk at the recent Network World IT Roadmap Conference & Expo in Dallas.
To many, NAC implies solutions that interrogate end devices to ensure they have proper security controls in place before they are allowed on the network. (Compare Network Access Control products.) At UNC, it's more about automating the implementation of acceptable-use policies that the school has had in place for years. And while tales abound of NAC rollouts that require wholesale network infrastructure upgrades, UNC has NAC working on switches that are as many as 7 years old and come from multiple vendors. Of course it helped that UNC was in on the ground floor with its NAC vendor, enabling it to help shape what the product looked like. (Because of university policy against endorsing vendors, UNC declined to name vendors for this story.)
UNC Chapel Hill, the second-oldest public university in the United States, has some 28,000 students, 3,100 faculty and 7,500 staff. Altogether, some 35,000 users of traditional computing devices connect to its network each day along with about 50,000 other types of devices, ranging from soda machines to parking gates and water meters.
For years the university has been applying acceptable-use policies to its switch ports to dictate what each type of device can and cannot do when it connects to the network. While that worked well enough, it was a manual, static process to assign an acceptable-use policy each time a new device wanted to connect.
The university's NAC implementation brings a new level of automation to the table, said Jim Gogan, director of networking at UNC Chapel Hill. "The issue is how to provide the appropriate policies for whatever class of device wants to connect," he says. If a utility group connects a steam meter, the network should immediately recognize the device is a steam meter and apply the appropriate policy. That saves the network group from having to get involved every time some specialized device needs to connect.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (6)
Didn't happen if there aren't any picturesBy Anonymous on June 2, 2008, 4:57 pmHere's their next article. We did some tech stuff, saved bazillions of dollars, our users think we're gods, shaved our IT dept. down to three guys living in a...
Reply | Read entire comment
EnterasysBy Anonymous on May 13, 2008, 12:00 pmEnterasys Sentinel is now known as Enterasys NAC - see http://www.enterasys.com/products/advanced-security-apps/enterasys-network-access.aspx for more
Reply | Read entire comment
It is the Enterasys Sentinel product.By Anonymous on May 13, 2008, 9:19 amIt is the Enterasys Sentinel product.
Reply | Read entire comment
Good question, but ...By Adam Gaffin on May 12, 2008, 4:27 pmAs Paul noted in his article: "Because of university policy against endorsing vendors, UNC declined to name vendors for this story." Still, looks like you might...
Reply | Read entire comment
EnterasysBy Anonymous on May 12, 2008, 4:16 pmIt looks like UNC is using the Enterasys NAC product.
Reply | Read entire comment
View all comments