Securing the network border by checking clients prior to admission

He reassured American businesses catering to Canadian tourists that new ID and documentation requirements would not be “too restrictive.”

In short, the U.S. government is trying to make sure people who try to enter their country through a border crossing – without hopping a fence in Nogales or sneaking across the Saint Clair River – are who they say they are and do not pose a security risk.

The American approach to border security is similar to a concept in network security known as Network Access Control (NAC), whereby clients (such as PCs, PDAs and IP phones) are subject to a series of checks before being granted access to the corporate network. NAC is designed to prevent clients from accessing the network unless they have the latest operating system and application patch updates, contain no known threats such as viruses and conform to other security policies stipulated by the administrator. (For more information, please see Embedded Security, page 12).
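The admission check described above, as an added example (not code from the article or from any NAC product): a client's reported posture is compared against the administrator's policy, and any field that is missing or unreadable counts as non-compliant. The policy values, field names and sample reports are all constructed for illustration.

```python
# Constructed policy for illustration; an administrator would set real values.
POLICY = {
    "min_os_patch": (10, 4, 2),
    "min_app_patch": {"browser": (7, 1), "mail": (3, 0, 5)},
    "required_settings": {"firewall_enabled": True, "disk_encrypted": True},
}

def parse_version(text):
    """Turn '10.4.2' into (10, 4, 2); raises on malformed or missing input."""
    return tuple(int(part) for part in text.split("."))

def evaluate_posture(report, policy=POLICY):
    """Return (admit, reasons). Missing or unparsable fields fail closed."""
    bad_field = (KeyError, ValueError, AttributeError, TypeError)
    reasons = []
    # 1. Operating system and application patch levels.
    try:
        if parse_version(report["os_patch"]) < policy["min_os_patch"]:
            reasons.append("operating system patch level below minimum")
    except bad_field:
        reasons.append("operating system patch level not reported")
    apps = report.get("app_patch")
    for name, minimum in policy["min_app_patch"].items():
        try:
            if parse_version(apps[name]) < minimum:
                reasons.append(f"{name} patch level below minimum")
        except bad_field:
            reasons.append(f"{name} patch level not reported")
    # 2. Known threats: an absent scan result is not the same as a clean one.
    threats = report.get("known_threats")
    if threats is None:
        reasons.append("threat scan result not reported")
    elif threats:
        reasons.append("known threats present: " + ", ".join(sorted(threats)))
    # 3. Other security policies stipulated by the administrator.
    settings = report.get("settings") or {}
    for key, wanted in policy["required_settings"].items():
        if settings.get(key) != wanted:
            reasons.append(f"policy setting {key} not compliant")
    return (not reasons, reasons)

# Constructed sample reports: a managed PC and a visitor's notebook.
MANAGED_PC = {"os_patch": "10.4.3", "known_threats": [],
              "app_patch": {"browser": "7.1", "mail": "3.0.5"},
              "settings": {"firewall_enabled": True, "disk_encrypted": True}}
VISITOR = {"os_patch": "10.3.9", "known_threats": ["sample-virus"],
           "app_patch": {"browser": "7.2"},
           "settings": {"firewall_enabled": True}}
```
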

The reasoning is straightforward. Why spend tens of thousands of dollars on network security products and services when a visitor can just plug his or her notebook into an RJ-45 jack, or connect to an internal 802.11 network, and gain access to your systems? Can you trust the contractor visiting for a few days, or the executive accessing the systems through a virtual private network from home, to take 15 minutes to manually check that their systems have all the latest patches and security updates and conform to all policies?

IT security vendors and network equipment makers say NAC is becoming more important not only because corporate networks are being accessed by partners, suppliers and employees working from home, but also because of the diversity of devices, including wireless handhelds, IP phones and smart phones. Do these other devices present a significant security threat to the network? Send us your opinion at cnedit@itbusiness.ca.
