Secure the LAN in Phases
You’re thinking about network access control and how to make your LAN secure. You’re hearing you can control users by application, location, and transaction. So many policies - where do you start?
Start small, and start simple. The following steps can get you started on simple network access control today and let you grow into more fine-grained controls.
1. Be transparent and avoid pain.
Look for solutions that let you leverage your existing systems wherever possible:
Infrastructure – avoid unnecessary upgrades, including the need for 802.1X everywhere. Forget configuring VLAN and ACL policies in every wiring closet. ConSentry just drops into your existing LAN.
Users – retain existing user behavior and processes, such as how they log onto the LAN. ConSentry watches users log in and leverages that information transparently.
Identity stores – leverage existing systems and use information stored there to automatically learn users' roles. ConSentry works with Active Directory, RADIUS, and LDAP.
2. Start small – focus on what you know.
Start with the most at-risk users and implement a few basic network access control tools:
Users – think about which users present the greatest vulnerabilities. Good starting points are guests, contractors, wireless users, and VPN users.
Authentication – you need to authenticate users to know their role and whether they should be admitted onto the LAN.
Posture check – decide if you want to scan machines coming onto the LAN, checking for adware or spyware, updated anti-virus and anti-spam software, and current OS patches.
Basic policy – for example, guests can reach only the Internet and cannot run IM, contractors can reach only the servers they’re contracted to support, and employees can go anywhere on the LAN.
Malware containment – it’s built in with ConSentry, so there’s nothing to configure or think about. You just get one more level of protection for free.
3. Learn more – figure out what you don’t know.
Let the inline device use network access control monitoring to show you what's happening on your LAN:
Visibility – learn what applications are running over your LAN and how popular they are, which users are going where, who’s routinely accessing critical financial servers. Once you build a picture of the transactions making up your business, you can look at what makes sense to allow and what should be denied.
4. Go granular over time – broaden and deepen your policies.
Once you've learned how your LAN is being used, look at how more granular policies might tighten your network access control:
Granular policies – for example, only HR staff can access personnel servers, or fund transfer applications are off-limits when the bank is closed.
With these simple steps and the ConSentry platform, you gain the network access control features you need today with low cost and low complexity. But the platform can migrate with you to more sophisticated controls as appropriate in your LAN. Build for today with a platform that can get you through tomorrow.
|
»
