IBM Tivoli and Cisco Network Card User Manual


 
Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
2.2 Definition of a Network Admission Control project
Objectives of a Network Admission Control solution must be carefully planned
because the result of having a large number of workstations quarantined may be
more disruptive to the business than a particular virus attack.
Planning the Network Admission Control is an organizational challenge for most
enterprises as it requires close cooperation among different groups of people in
different roles, typically not closely related:
- Security officers responsible for the formal audit and compliance process
- Network administrators responsible for configuration of network devices
- Administrators responsible for everyday PC configuration and maintenance
It is essential to follow these steps in the implementation of the IBM Tivoli
Security Compliance Manager and Cisco Network Admission Control:
1. Creation of the policies to meet the business requirements and needs
2. Building the policies on the compliance server
3. Deploying the clients with the required software and initial policy
4. Defining and implementing the remediation process
5. Preparing the network infrastructure
6. Turning on the security compliance enforcement
2.2.1 Phased rollout approach
Enforced Network Admission Control solutions are new to the industry and are
not yet widely adopted, so a phased approach to rollout is highly recommended.
In the first phase the most vulnerable network segments should be selected.
These networks can be selected based on network topology knowledge or on the
statistics from threat monitoring software.
NAC planning and deployment may be combined with the process of deploying
wireless networks, along with IEEE 802.1X authentication.