I just completed a new white paper on Deploying NAC.
NAC Deployment: A Five Step Methodology
Here’s the abstract:
Deployment of Network Access Control (NAC) technology throughout the enterprise is a complex and expensive process. As with any IT project, the success or failure of a NAC deployment will depend, to a great extent, on the design and architecture development processes that take place well before the actual installation begins. This white paper offers a five-step methodology that will position any enterprise for achieving success with its network access control deployment.
Here’s the Executive Summary:
Adding Network Access Control (NAC) to an existing network is a dramatic and significant change to the physical network. When NAC is in place, the network is no longer a neutral substrate for moving packets around as quickly as possible. Instead, it becomes a security barrier; authenticating users, evaluating the security of end-point systems, and applying access controls focused on the user and their security status. A NAC-enabled network is no longer a utility, like power and water, but must be tailored to fit organizationally into networking, security, and desktop management teams to be effective.
This white paper discusses five critical questions that must be answered at the very early stages of any NAC project. These technology-independent questions form the basis of a deployment methodology. By addressing these questions before you’ve picked products or even chosen the IT team members who will be assigned to complete the project, it is very likely that you’ll be able to address the most significant issues your team may encounter along the way to NAC success.
The five questions are:
1) What are your goals for bringing NAC into your network?
2) How will you use user authentication within your NAC policy?
3) How will you tie the End Point Security (also referred to as Posture Assessment) into your NAC policy?
4) Where in your network will you enforce access controls, and how granular will your enforcement be?
5) How will you ensure that your NAC deployment will be implemented systematically across your organization without causing unnecessary interruptions to your existing network?