- +
Hiring Manager: Emphasize Integrity, Attitude 14/12/2007 11:18:07
William Howell shares his hiring mistakes and his secrets for selecting the best job candidates, finding objective references and using LinkedIn as a recruiting tool.William Howell shares his hiring mistakes and his secrets for selecting the best job candidates, finding objective references and using LinkedIn as a recruiting tool.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Realizing the Value of Unified Communications
Market Trends: Multienterprise/B2B Infrastructure Market | Worldwide | 2008
Choices in Storage Architecture for Oracle Environments
Enterprise Wireless WLAN Security
Mobile Solutions Deliver Improved Efficiency to Star Track Express
Agile in the Enterprise
Email Archiving Implementation: Five Costly Mistakes to Avoid
Radicati Market Quadrant 2008 on Corporate Web Security
Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
The chance discovery of a consultant plugging in a laptop on its network led Missouri insurance company GEHA to install NAC as a means for segregating visitors from the corporate LAN.
Since installing Nevis Networks' LANenforcer devices on its network this fall, the company has used it to control unauthorized visitors, but has held off using other features except for monitoring purposes, says Justin Gerharter, systems engineer for the firm.
Eventually, the company will use the gear to scan endpoints to make sure they comply with security posture and to monitor behavior of devices after they are on the network to make sure they behave according to policy.
The company saw a need for NAC in July when it caught an unauthorized user logging in. "One day the guy sitting next to me happened to be going through DHCP scopes and saw an unfamiliar network name associated with an IP address," says Gerharter. "Sure enough, it was a consultant who had plugged a laptop in. That was the incident that drove home the need for [NAC]."
The consultant wasn't up to mischief, but the incident set off a wave of concern. "The question was raised, how many times has this happened?" Gerharter says.
The desire was to make sure that every machine that got on the network at the very least was authorized to be there, he says. "If they were on, we wanted to make sure we had control over where they could get to," Gerharter says.
The company sought advice on which NAC vendor to use from its resellers and came back with Cisco and Nevis as options. The company tested Nevis gear at a VAR's demonstration site. It tried but could not schedule a test of the Cisco gear, so Gerharter chose Nevis.
He liked that the Nevis device is in-line and plugs into access switches, becoming an enforcement point for the NAC policies. The company has about 25 Cisco access switches that feed into a Cisco core. The company required one LANenforcer 2024 at each site plus a LANsight management platform.
To put the device in place, he unplugged the connections between the access and core switches and plugged them into the LANenforcer instead. The device is set up with port pairs, one port taking the connection from the access switch, one taking the connection to the core switch. "You plug the edge switch into the top port and the core switch into the bottom port of the same port pair," he says.
Setting up NAC policies took very little training, he says. Guests have only one option, which is Internet access. That access for guests could be expanded if the need arose, he says. For company users and wired desktops, GEHA is running in monitoring mode only to gather logs of network behavior. The plan is to implement access policies for them next year.
GEHA ran across one glitch that temporarily stalled out its Avaya IP phones, Gerharter says.
When Avaya phones boot, they boot first into the data VLAN to receive its IP options, then reboot into the VoIP VLAN, Gerharter says.
GEHA configured the Nevis box so it inadvertently restricted this process. The Nevis policy that was set identified the phones by MAC address and allowed access only to the VoIP VLAN. That effectively locked the phones off the network because they had no way to go through the first half of their booting process, he says.
"We were making the network more secure than we needed to, and for these phones it created a problem," he says. He says Nortel phones boot in a similar way; Cisco's don't.
In addition to restricting guests to the Internet, the Nevis gear provides logs that reveal more detail about network traffic than Gerharter could get before. "We discovered things we never thought about as far as what people are doing and where they're going. There's been many unplanned benefits," he says.
Computerworld Member Login
Prioritizing Services with IT Service Management (ITSM)
Computerworld Live Webinar
Wednesday 20th, August 2008
11:00am EST (Sydney, Australia)
To be repeated on:
Thursday 4th, September 2008
11:00am EST (Sydney Australia)
Sign up and receive a free copy of The Forrester WaveTM Service Desk Management Tools, Q2 2008 at the conclusion of the Webinar.
Attend and discover:
- How to deliver value to your business through ITSM
- Best practice ITSM implementation
- Why emphasis is changing from optimizing IT management processes to better servicing customers and demonstrating real dollar value
- If service-oriented ITSM is best for your business
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Tumbleweed appoints O2 Networks to its Australian Channel Partner Program 2008-08-29 12:31:00+10
HP ProCurve Brings Big Business Gigabit Switching Features to Small Businesses 2008-08-29 12:00:00+10
Nortel and LG Electronics are First in World to Demonstrate Mobile LTE Handover 2008-08-29 11:30:00+10
GlobalConnect Provides Treatment for Healthcare Provider’s Contact Support Requirements 2008-08-29 09:59:00+10
Sybase and Logica Partner To Mobilise The Supply Chain 2008-08-29 09:47:00+10
SOA and Agility
Organizations need agility to maintain strategic advantages in businesses operating on faster and faster time-scales. The difference between gaining and losing market share may very well depend on the ability of organizations to deploy updated or new applications before their competitors. Read on to discover how SOA-based application development can meet the promise of reduced application development and maintenance costs through service reuse.
