NAC useful for regulatory compliance when mixed with a strong security strategy

Network Access Control This newsletter is sponsored by Juniper Networks Never close your office Your network never stops, why should your business? Extranet portals deliver anytime, anywhere access to clients and partners. View this Webcast and learn how they deliver a competitive advantage and hear a real-world case study from a healthcare IT CEO on how they work in the real world. Network World's Network Access Control Newsletter, 07/03/07 NAC useful for regulatory compliance when mixed with a strong security strategy By Tim Greene A reader responding to the last newsletter about how NAC might help meet certain regulatory requirements asked how that might work. The reader wrote: “I do not see how a machine that is running a firewall, is fully patched and is running a current [antivirus] product applies to any of the regulatory or compliance laws like SOX, GBLA, HIPPA, PCI or FRCP.” First off, just to be clear, NAC is not a complete answer for complying with any particular set of regulations. Most compliance plans are pieced together using a range of security, recording, reporting and auditing technologies. Get Everyone from the CEO to the MySpace Generation to Support Your Security Plans. September 10-11, 2007 | The Fairmont Chicago How do you get everyone from the boardroom to the mailroom to comply with your security initiatives? Come collaborate with peers on critical business topics like this at The Security Standard-the only business summit for senior security executives. For the latest in planning and management strategies. Click here for more details. Click here for more details But one NAC customer says he uses NAC at least in part to help meet some of the obligations HIPPA places on his business. He says he relies on it to identify individuals logging in and linking those identities to a machine to have better assurance that it really is an authorized user accessing sensitive patient information. In addition the NAC gear grants individuals access only to VLANs specified by NAC policy rules. This arrangement enables his business to control what resources users have access to. Only people who absolutely need to access sensitive data to perform their jobs get access to it. The NAC gear enforces this for LAN-attached machines as well as those accessing via a VPN used by employees working remotely. All of this is useful in demonstrating to regulators that his business is maintaining the confidentiality of patient data, he says, and has come in useful in demonstrating compliance during security audits. So NAC can be a useful tool in complying with regulations when mixed in with a strong, overall security strategy.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. The $2.3M home lab of Quadruple CCIE 2. Top 25 'iPhonies' 3. Harry Potter worm says he is dead 4. Withdrawn Black Hat paper hints at security flaws 5. iPhone buzz reaches to Microsoft's back yard 6. Lawyers show how to avoid hiring an American 7. 3Com to spin out TippingPoint 8. IPv6 D-Day is coming up fast 9. Gartner to IT: Avoid Apple's iPhone 10. Hackers target C-level execs and their families MOST E-MAILED STORY: How MySpace is hurting your network

Contact the author: Tim Greene is a senior editor at Network World, covering network access control, virtual private networking gear, remote access, WAN acceleration and aspects of VoIP technology. You can reach him at tgreene@nww.com. This newsletter is sponsored by Juniper Networks Never close your office Your network never stops, why should your business? Extranet portals deliver anytime, anywhere access to clients and partners. View this Webcast and learn how they deliver a competitive advantage and hear a real-world case study from a healthcare IT CEO on how they work in the real world. ARCHIVE Archive of the Network Access Control Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: networking.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007