Loading in 2 Seconds...
Loading in 2 Seconds...
Network Security Effective Practices - NAC/P, TNC A Survey of Network Access/Admissions Control Security Practices in Higher Education H. Morrow Long Director, Information Security Yale University Educause 2007 Annual Conference Session Wednesday, October 24, 2007 11:30 a.m. - 12:45 p.m.
H. Morrow Long
Director, Information Security
Educause 2007 Annual Conference Session
Wednesday, October 24, 2007 11:30 a.m. - 12:45 p.m.
This presentation will discuss a survey and informal poll of the current campus network access and admissions security practices and products in higher education on both wired and wireless networks.
In 2003, RPC/DCOM worms (Blaster, NACHI) caused widespread problems on campus networks. NetReg, Bradford Campus Networks and other reg/quarantine systems were used as effective solutions.
Cisco (bought Perfigo) and many vendors (particularly wireless) entered this market.
Microsoft and the TCG alliance have been promising standars (w/Cisco) for a time (2008?).
IS NAT RELEVANT AND STILL NEEDED?
Practical NAC/P Planning “high level short list”:
Detailed and Specfic list:
Date: Fri, 19 Jan 2007 15:58:22 -0500
Reply-To: The EDUCAUSE Security Discussion Group Listserv
From: "Charles L. Bombard"
Subject: Re: Network access control
In-Reply-To: <[log in to unmask]>
Content-Type: text/plain; charset="us-ascii"
Still looking. I am on the fence (excuse the pun) and can go with either one at the moment. Packetfence seems to have acquired a large following, and netreg seems to not be in active development any longer. www.netreg.org www.packetfence.org - Charlie ========================================== Charles Bombard, GSEC LAN/Systems Administrator Community College of Vermont 119 Pearl Street Burlington, VT 05401 802.657.4234
Small Colleges (http://listserv.educause.edu/cgi-bin/wa.exe?A2=ind07&L=smallcol&P=20469)
Date: Wed, 18 Apr 2007 11:00:47 -0400
Reply-To: The EDUCAUSE Small College Constituent Group Listserv
From: "Beyer, Bill (William)" <[log in to unmask]>
Subject: Network Access Control and Vista
Hartwick College has been an early adopter of Network Access Control using Sygate Secure Enterprise in conjunction with using 802.1x protocols on our HP network data switches. While Sygate has worked well it does have its limitations mainly that it does not yet have a Vista client (our fingers are crossed that it will be released in May 2007) or a workable Mac client or Linux client. Our plans also include rolling out Vista Business on the student laptops we will issue to all freshmen this fall.
Network Computing MagazineRolling Review Kickoff: Out-Of-Band NAC - Oct 22, 2007 - By Mike Fratto
“Thing is, out-of-band NAC seems to have an image problem: Our own reader research indicates that 65% of organizations deploying NAC prefer in-line appliances versus 50% using out-of-band products. And the outlook doesn't look likely to improve. Nearly 70% of companies in the planning stages are leaning toward in-line systems, versus just 43% favoring out-of-band NAC. A recent survey by Infonetics Research shows that 55% of companies plan on buying in-line NAC products; this syncs with the firm's market forecast, which shows more than half the NAC units shipped are in-line appliances. Is the problem just bad PR, or does the out-of-band approach really carry technical disadvantages compared with going in-band?”
Which NAC/P Securitymechanisms do[n’t] you use?
2.6% Solutions (1 Response each)
IBM (Internet Security Systems)
Impulse Point (Safe Connect)
InfoBlox (ID Aware)
Juniper Networks (Endpoint Assurance (was Funk))
LANDesk Software (Trusted Access)
Lockdown Networks (Lockdown Enforcer)
McAfee (McAfee Policy Enforcer)
Symantec (Sygate NAC)
Q1: Other Category
Several comments about not having NAC, planning on buying NAC, using oepn source or developing a home grown solution.
Q2: Other Category
RACS - homegrown system
We rolled our own (for wireless)
Saint Mary's NetReg and in house developed
Complete Home Brew
Q3: Other Category
Q4: Other Category
Just Authentication Currently
30 day registration
Once per Semester
Arbitrary, configurable check-in
Q5: Other Category