Companies are yearning for a solution to guard their network from security risks such as external or untrusted users, and unmanaged endpoints on their internal LAN. NAC technology works well, but a strategic solution is required to fully address the problem of the dissolving network perimeter.
Best Practices for Deploying LAN Security and NAC
Nevis Networks Persistent LAN Security Solutions
Nevis Networks | Best Practices for Deploying NAC and LAN Security

THE NEED FOR LAN SECURITY
PLANNING AND DEPLOYMENT
    What are the main problems?
    What constitutes success?
DEPLOYMENT GUIDELINES
    Gather information first
    Start Small with Friends
    Scale to Larger User Populations
    Enable Features Incrementally
EXAMPLE OF A PHASED DEPLOYMENT
    Installation and Initial Configuration
    Configure User Authentication
    Configure Pre-Connect Endpoint Integrity
    Enable Access Control Policy and Enforcement
    Advanced Policy and Threat Detection Enforcement
NEVIS LAN SECURITY

THE NEED FOR LAN SECURITY

In the past, enterprise LANs were built assuming that threats come from outside the enterprise, and that all internal users are equally trustworthy. This was the case at one time, when the endpoints were provided and managed by the enterprise, and before a general expectation of Internet access became a perquisite of the workplace. In those days, good security meant a good perimeter firewall and maybe some desktop anti-virus software.

It is now well accepted that things have changed drastically, creating a need for additional security measures within the LAN itself. It is no longer easy to control what devices are attached to the internal network: user laptops shared with other family members, PDAs, even cell phones can "plug and play," get a dynamic address, and access just about anything, from party mailing lists to HR benefits to business-critical applications. Furthermore, business reasons have caused the LAN to be opened up to guests, temporary contractors, and outsourcing partners, among others, regardless of whether these users have unmanaged or even unmanageable endpoints.

There is growing recognition that LAN security has to go beyond the desktop and into the network infrastructure itself. Not only can security software not be relied upon to be installed and functional, but such software is also fairly easy to circumvent or disable. The desktop operating systems in wide use by enterprises today have also been designed for mass-market appeal: ease-of-use features, especially ease of installation, enable a variety of applications for entertainment as well as productivity, but also introduce the potential for misuse as well as unintentional i...