In-Depth

Regulations Spur Adoption of Network Access Control

Regulated companies are increasingly adopting NAC to screen network access, enforce security policies, and block malware outbreaks.

• By Mathew Schwartz
• 03/28/2006

Do your company’s mobile devices have carte blanche network access?

Today, many companies evince a laissez-faire attitude to securing their employees’ mobile devices. According to a recent survey of 404 IT professionals conducted by Launch Marketing Inc. for Mirage Networks, however, regulated companies are increasingly adopting network-access control (NAC) technologies able to intercept, quarantine, and clean mobile devices before they’re granted full network access.

In particular, half of respondents say they’re evaluating NAC as a way to prevent unauthorized network access, while 43 percent want to use it to enforce existing security policies as well as prevent malware infections. Interestingly, 39 percent want NAC to “keep users happy,” which three-quarters of companies say is more important than reducing the IT department’s workload.

Given NAC’s ability to proactively and automatically stop or isolate PC infections, however, about one-quarter of companies do anticipate the technology will reduce the IT staff’s workload. Perhaps not coincidentally, 22 percent of organizations admitted a worm, malware, or insider crashed their network at some point in 2005, resulting in hours or sometimes days of downtime. While most of the affected organizations wouldn’t estimate the resulting monetary damages, 18 percent did think they’d suffered damages of $1 million or more.

Defending Against Hot-Spot Dangers

While regulated companies are increasingly adopting NAC, many companies have so far eschewed such measures. In these cases, it’s up to employees to better secure their own mobile devices to prevent corporate or personal data from loss or theft.

When companies don’t manage mobile-device security, WiFi hot spots—wireless connectivity points—are a particular concern. Nationwide there are now over 100,000 such locations in cafes, hotels, and airports, and users rely on them for checking e-mail, swapping IMs, and staying productive. Yet hot spots are a risk for enterprise users connecting to the corporate LAN, since attackers can sniff the wireless packets, especially if the hot spot and PC aren’t properly configured to use the latest WiFi security protocols.

How can employees of companies that don’t manage mobile-device security better protect themselves from such threats? Rescuecom, a computer repair and technology services company, offers these six tips for using hot spots:

• Get a firewall: Install a personal firewall on the PC to protect the information it stores



• Go premium: Consider using hot spot access for which you must pay, since attackers are less likely to run up the meter at paid sites



• Don’t share files: Deactivate “file sharing” in your PC’s control panel (see “folder options” or “network connections” to do this) so other hot-spot users don’t get direct and surreptitious access to your files



• Use a VPN: Request VPN software from your corporate IT department to encrypt all communications between laptop and corporate LAN



• Update antivirus software: Ensure your antivirus software license is up to date to get the latest signatures, and always update those signatures on a regular basis to prevent infections on other computers using a hot spot from automatically exploiting your PC



• Watch Windows: Pay attention to Windows Update; some companies disable Windows Update on their users’ PCs in favor of a different Windows updating stratagem; immediately run available updates

Beyond such technology tips, Rescuecom also advises users to restrict their hot-spot activities accordingly:

• Don’t stay connected: Deactivate wireless connectivity when not needed, which will better protect your PC from wireless attackers



• Avoid the financial: Don’t do any financial-related tasks when logged into a hot spot unless the Web site in question sports an SSL-encrypted connection



• Watch what you e-mail: Don’t send private or sensitive information over a wireless connection.

Of course, mobile users frequently do have to use hot spots to e-mail documents containing sensitive corporate information. In these situations, Rescuecom recommends planning ahead: agree on a password with all document recipients, then password-protect any files e-mailed via a hot spot.

Related Articles:

• The Shape of Endpoint Security to Come
• Beyond Malware, SOX, and Data Breaches: The 2006 Security Forecast