NAC, IDS cure medical school's security woes

By Andrew R. Hickey, News Writer 09 May 2006 | SearchNetworking.com

Digg This!     StumbleUpon     Del.icio.us

At the UMass Medical School, network security used to be a guessing game combined with a continual firefight.

Things would come up, and IT would react. That's how it went for the Worcester, Mass.-based campus. But things are changing. UMass Medical School recently added two lines of defense to its network to track down, identify and wipe out potential security breaches and troubles; and, using Dragon and Sentinel from Enterasys Networks, UMass Medical now takes pride in its beefed-up security.

"It's a problem with anybody's network," associate CIO Charles Desourdy said about security. "It's always more than you expect when you don't know what's out there."

Now, UMass Medical keeps its network and roughly 6,000 end users -- faculty, staff and students -- safe with Dragon Network Defense, an enhancement to Enterasys' Dragon intrusion detection and prevention suite and part of the vendor's Secure Networks portfolio. With Dragon, Desourdy can detect, isolate and remedy attacks that could potentially cripple the network, he said. Dragon is used in conjunction with the Dragon Security Command Console, which aggregates and analyzes security information from numerous devices while also providing reporting that can span the entire enterprise or focus on a single group of users.

Along with Dragon, UMass Medical also recently deployed Enterasys' latest security product, Sentinel, which offers network access control by preventing unauthorized or compromised devices from getting onto the network. Sentinel uses multiple authentication methods and assesses the threat level of devices attempting to connect. Because Sentinel is agentless, IT does not have to install and maintain the software on every PC on the network.

"This is sort of the last man standing that we have to deal with," Desourdy said.

One thing about UMass, he explained, is that current policy requires users to have a hardware router firewall at home in order to get onto the network. But the policy was tough to enforce because it was hard to prove who had what. In some instances, users had to provide a digital picture of their firewall before they were granted home access.

Now, Sentinel knows whether users are in compliance and can deny them network access if they are not using a hardware router firewall, Desourdy said. It also determines whether the machine has up-to-date anti-virus, spam filters, and other security software before access is granted.

Using Sentinel with Dragon, Desourdy said, gives a lot more than just peace of mind.

"You put it out there and it shows what's going on," he said. "It allows us to take a look and make sure we're clean at the other end."

For more information Learn about the difference between IDS and IPS Read about NAC and its potential confusion

Before, security problems were somewhat of an unknown, Desourdy explained. In the past, a user would report slow performance on a PC, and IT would probably discover that a virus or other problem had somehow crept in. Now, he said, those problems can be squashed before they get onto the PC, and if they do manage to slip through, the machine will be checked again before it's allowed onto the network.

Steve Hargis, Enterasys' director of Secure Network solutions, said Dragon can pick out traffic anomalies using behavior-based, deep packet inspection to detect patterns and look for changes, rather than simply looking for bad packets.

Where Dragon is reactive, Sentinel adds a proactive piece to the mix, said Royce Stegman, product manager of network management and security software.

"More things are connecting to the network," he said. "That means more opportunity for something to go awry."

Though Desourdy can't recall any major security breaches or problems before deploying Dragon and Sentinel, he now won't have to worry about the first time.

"We've not had anything happen here," he said, adding that continually deploying security tools is UMass Medical School's mission. "This is just the next phase of our layered approach. We're starting to phase it in."

Tags: Network Access Control,  Network Security Best Practices and Products,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Access Control Network security risks multiply when enterprises begin outsourcing Dynamic policy ensures faster, safer network for school district NAC appliance vendors: Can you depend on them? NAC integration at the endpoint Extending NAC enforcement to network security devices Integrating NAC with network security tools Network access control market crushed by economy, but future is bright Joel Snyder discusses Network Access Control Day at Interop Las Vegas Maturing NAC market gets its first Gartner Magic Quadrant Poor data-loss prevention practices almost cost Intel a billion Network Security Best Practices and Products 3Com acquisition confirms HP-Cisco battle for China Enterprises demand next-generation firewalls with IPS, app visibility Preventing hacker attacks with network behavior analysis IPS Is there a way to trace my stolen laptop computer? Integrating NAC with network security tools Should organizations separate technical from administrative security? What network equipment is needed to secure a small business LAN? Ethical hacking and countermeasures: Network penetration testing intro Are you on a domain name system (DNS) blacklist database? Rogue access points: Preventing, detecting and handling best practices

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary network access control  (SearchNetworking.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary