Keeping an Eye on the Network: Campuses Deploy Network Access Control to Protect Users and the Network

By Powers, Vicki | University Business, March 2008 | Go to article overview

Keeping an Eye on the Network: Campuses Deploy Network Access Control to Protect Users and the Network


Powers, Vicki, University Business


[ILLUSTRATIONS OMITTED]

UNLIKE CORPORATIONS, HIGHER education institutions face unique challenges with IT security. As students arrive each semester with their own computers, many times their security devices are off, their anti-virus software is gone or simply outdated, and odd configurations abound.

"The challenge has always been how to take student laptops and bring them to a certain minimum level of health," says Steve Hanna, distinguished engineer at Juniper Networks and co-chair of the Trusted Network Connect Work Group, part of the nonprofit industry standards organization Trusted Computing Group. "It's important to identify machines whose defenses aren't up to snuff and get them fixed so you can have a stable network." Not to mention, the open information-sharing environment of a university encourages all kinds of people outside the campus to access the network as well.

The business driver for Network Access (or Admission) Control (NAC) focuses on protecting information resources on the network, which face growing security risks. It involves policies such as preadmission endpoint security policy checks and post-admission controls over where users and devices can go on a network. NAC in the education world primarily focuses on dealing with student-owned assets and access control issues on an open network. Hanna says NAC relieves the "first-week phenomenon" when students move in by automating the health check and remediation process. The NAC approach aims to keep student laptops healthy and maintained throughout the year. For that reason, Hanna believes it's easy to justify the purchase of an NAC tool in a campus environment.

"The burden placed on the IT staff in the first week of school--it's just impossible to meet successfully," Hanna says. "You can't take thousands of students through a manual process checking their machines ... but yet you also can't feasibly deal with the situation when the network becomes unstable or too dangerous to use because infected machines are coming back on campus."

Hanna says the growing trend in the last few years toward using NAC on college and university campuses is partly related to the availability of more commercial products. Going back 10 years, NAC campus pioneers created their own tools. Today IT folks can purchase off-the-shelf products from vendors with support, which makes the deployment much easier from an administrative standpoint.

One emerging trend in NAC for colleges, Hanna says, is integrating other security functions with NAC, which after all is a combination of technologies mixed together to increase the level of control. It's not just a product to purchase. Rather than maintaining isolated silos for intrusion detection, firewalls, and such, the trend is integrating the security component by moving to open standards. Increased maturity and broader endpoint integration are two other trends affecting the future of NAC in education, Hanna says.

Three Approaches to NAC

Experts recommend that NAC deployment be used for the right reasons. Executives at Juniper Networks point out that institutional leaders must understand the problem and goals before deploying an access control solution. Is the goal to protect the network from malware, such as worms, viruses, Trojan horses, and spyware introduced by managed or unmanaged devices? To increase the flexibility of the network to safely allow access for a variety of user types? To restrict access to specific data and applications based on user roles? To gain visibility into network activity and correlate to specific users? All of these needs can require unique solutions and approaches to deploy NAC tools. Technology research and advisory firm Gartner defines three NAC common approaches as infrastructure-based, endpoint software-based, and network security appliance-based.

Infrastructure-Based NAC

Infrastructure-based NAC focuses on upgrading the network or operating system infrastructure to garner integrated NAC functionality. …

The rest of this article is only available to active members of Questia

Sign up now for a free, 1-day trial and receive full access to:

  • Questia's entire collection
  • Automatic bibliography creation
  • More helpful research tools like notes, citations, and highlights
  • Ad-free environment

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items

Items saved from this article

This article has been saved
Highlights (0)
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

Citations (0)
Some of your citations are legacy items.

Any citation created before July 30, 2012 will labeled as a “Cited page.” New citations will be saved as cited passages, pages or articles.

We also added the ability to view new citations from your projects or the book or article where you created them.

Notes (0)
Bookmarks (0)

You have no saved items from this article

Project items include:
  • Saved book/article
  • Highlights
  • Quotes/citations
  • Notes
  • Bookmarks
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

1

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited article

Keeping an Eye on the Network: Campuses Deploy Network Access Control to Protect Users and the Network
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Full screen

matching results for page

Cited passage

Style
Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

"Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

"Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

"Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited passage

Thanks for trying Questia!

Please continue trying out our research tools, but please note, full functionality is available only to our active members.

Your work will be lost once you leave this Web page.

For full access in an ad-free environment, sign up now for a FREE, 1-day trial.

Already a member? Log in now.