When it comes to NAC and LAN security, I hear people talk about pre- and post-admission. What are the benefits of each?
The functions associated with pre- vs. post-admission NAC are quite different, and as a result, the benefits of each differ as well. Sometimes called pre- and post-connect, the terms refer to the features associated with admitting someone onto the LAN - the pre-admission steps - vs. the functions involved in controlling users after they're on the LAN - the post-admission features.
Pre-admission NAC includes authenticating a user's login credentials and checking whether the user's computer meets a company's security standards. Authentication and posture checking are a critical first step in securing your LAN and provide several key benefits. First, you can use authentication to quickly separate corporate users from guests. You can further delineate between employees and contractors with authentication, provided you've included contractors in your authentication database and have designated them as such. This fundamental feature enables you to block access to anyone who doesn't belong on your LAN in the first place.
The posture-check step is key to preventing the spread of malware - primarily known malware. Posture-check or endpoint-validation technologies vary in capability, but in general, they provide the benefit of detecting the presence of malware or other signs of a compromised system. Some of the more fully featured systems allow you to customize what the posture-check software should look for on a system, including changes to the Registry, the presence of adware or spyware, or company-specific files or other markers that should be on company-owned assets.
To truly gain the malware-avoidance benefits of posture-check software, you'll need to look for solutions that can span both managed and unmanaged systems. If you're only ever checking the corporate-owned computers, for instance, you'll leave yourself open to infection by guest machines. Support for unmanaged machines will require downloadable or dissolvable posture-check software, since you won't be able to pre-load software on guest machines.
To sum up the benefits of pre-admission checks, you'll ensure that only the right people and "clean" machines are able to get onto your LAN.
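To make the pre-admission sequence concrete, here is a small sketch of the decision logic described above: authenticate and classify the user, then apply the posture checks to managed and unmanaged machines alike. It is an added example, not any NAC product's code; the directory entries, the `Posture` fields, the agent labels and the reason strings are all constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

SALT = b"constructed-demo-salt"  # constructed value, for this example only

def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed authentication database; contractors and guests are designated as such.
DIRECTORY = {
    "alice": ("employee", _hash("alice-pass")),
    "carl": ("contractor", _hash("carl-pass")),
    "gina": ("guest", _hash("gina-pass")),
}

@dataclass
class Posture:
    agent: str                    # "preloaded" (managed), "dissolvable" (unmanaged) or "none"
    malware_found: bool = False   # known malware, adware or spyware detected
    registry_changes: list = field(default_factory=list)  # unexpected Registry changes
    company_marker: bool = False  # company-specific file expected on company-owned assets

def authenticate(user: str, password: str):
    """Return the user's role, or None if the credentials do not check out."""
    entry = DIRECTORY.get(user)
    if entry is None:
        _hash(password)  # spend the same work for unknown users
        return None
    role, stored = entry
    return role if hmac.compare_digest(stored, _hash(password)) else None

def pre_admission(user: str, password: str, posture: Posture):
    """Return (admitted, role, reason) for one connection attempt."""
    role = authenticate(user, password)
    if role is None:
        return (False, None, "authentication failed")
    if posture.agent not in ("preloaded", "dissolvable"):
        return (False, role, "no posture report")  # unmanaged machine skipped the check
    if posture.malware_found:
        return (False, role, "malware detected")
    if posture.registry_changes:
        return (False, role, "unexpected registry changes")
    if posture.agent == "preloaded" and not posture.company_marker:
        return (False, role, "company marker missing")
    return (True, role, "clean")

if __name__ == "__main__":
    print(pre_admission("alice", "alice-pass", Posture("preloaded", company_marker=True)))
    print(pre_admission("gina", "gina-pass", Posture("dissolvable", malware_found=True)))
```

The returned role is what lets a later policy treat employees, contractors and guests differently; a machine that presents no posture report is refused even when the credentials are valid.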