What to ask before you buy a network access control solution for your business.
By Brian Robinson on May 25th, 2007
So, you’ve finally decided that NAC is something that suits your needs. Here are some things you need to know about the solution you choose:
Is the system agent-based or agent-less?
If you have a static environment with few mobile or remote devices that need to attach to the network and you know there will be no visitors or guests on the system, then you can safely choose a NAC that uses software agents on each endpoint. More likely, however, you’ll have an environment with a growing number of different kinds of mobile devices, and outside contractors and visitors that will need access. That’s not something an IT staff will be able to handle easily with agent software, so the need here is for a solution that doesn’t require pre-installed agents on each endpoint.
Does it offer comprehensive enforcement?
Will the solution handle all the use cases you need it to, covering all internal and remote users and devices, and dynamically handle changes in the health of endpoints?
Look for a solution that can enforce a range of network and security policies, block or quarantine any system that doesn’t comply with those policies, and automatically update things such as antivirus signatures and install operating system patches as needed.
How easy is it to manage?
The solution should be easy to install and require as little ongoing maintenance as possible, with policy updates and other functions managed from a single point, preferably something that integrates with the existing security management console.
It should also integrate easily with the existing security infrastructure, such as firewalls, authentication schemes and auditing tools.
What are my options for growth and expansion?
Nothing in IT or security lasts forever and that’s doubly so for the NAC marketplace, which is guaranteed to be dynamic and rapidly changing for the foreseeable future. So make sure the system you deploy today is as flexible as possible and based as much as possible on open specifications and standards. Don’t get locked into something you can’t easily migrate to another solution in the future.
Is it scalable?
Chances are that any NAC will first be deployed to guard high-priority systems and users, or in some limited role as a test or pilot system, rather than as a whole-enterprise solution. However, always choose the NAC on the basis of how well it will apply to the full enterprise, not how well it will do just in those first, constrained roles.
What’s the total cost of ownership?
Don’t assume that the vendor’s stated cost for its NAC solution is the final amount you’ll pay. You’ll have to do an assessment of your network and security infrastructure before deploying any NAC, and the chances are you’ll have to replace and upgrade at least some of it to have it work with that solution.