Using NAC as a teaching tool
Astrium NA will also avoid opportunities to use NAC to control access to applications or other systems because it works well enough in its current format and the firm doesn't want to add more complexity to its system, Owoc said.
"I don't think NAC is something that can be part of a product that is trying to be all things to all people. In our experience, those types of products don't work as well as dedicated products that do one thing well, so we'll stick with best of breed," said Owoc. "I don't want to add any other functionality like applications access because it's not something we need right now, and it could just prove to be a huge performance issue."
At Binghamton University in New York, home to more than 13,000 students and faculty members, Network Administrator Joe Roth said that the school was in desperate need of a better method for keeping malware from finding a way onto its network.
Unlike a business, the university is forced to admit machines that it does not own or control, and students were continually dragging unwanted programs onto the school's network that they had picked up on their computers in other places, Roth said.
After fighting its way through several major virus outbreaks, the school decided to install NAC applications made by Bradford Networks in 2004. Since that time, the institution has saved a significant amount of time and money that it was previously forced to exert to deal with the repeated outbreaks, he said.
"We were spending a lot of time trying to clean things up, and we needed to have some way to ensure that when a student tries to connect to the network, we know who they are and what they're doing, and make sure that they're not spreading infections to us," Roth said.
"I won't lie, [NAC] is a large system to get your head wrapped around, especially when you think about working with networks in a more traditional sense, doing switching and routing," he said. "If it is going to work you have to understand what is going on with your network, how it will interact with a client PC in terms of what types of anti-virus they have, but we've made it work."
As with Astrium NA, Binghamton isn't planning to take NAC in any cutting-edge direction, but it does continue to roll out the system to include additional users, such as its faculty members, and it has begun using the system to grant wireless access to students on campus.
One of the greatest benefits of using the system, in addition to allowing the school to better enforce its security policies, he said, was that it has made Binghamton's undergraduate community far more aware of the realities of today's computing environment and the nature of malware attacks.
"We're a teaching institution, and I think this is actually some valuable experience that our end-users are going through, as they're going to have to deal with this type of thing as they head out into the workforce," said Roth. "Every year when the students come back, we find that a lot of them don't even know what anti-virus is about or the threats themselves, so it has value from an educational standpoint as well."