NAC

[A.L.M.Buxey at lboro.ac.uk]

Hi,

> Right, but machines on a residential network are generally going to be 
> personal machines, I for one would protest greatly if I was forced to 
> install an AV solution just to use the network in my halls of residence. 

our terms and conditions state that an AV solution must be installed
on such systems. the users are free to choose their own one
if they want to, or they can freely install a fully managed 
McAfee AV with the anti-spyware module for free as part of the
service.  we dont want to be a breeding ground for external attacks,
we try to protect our students from losing all their coursework due to 
an MSN installed trojan or virus and we want to instill them with
a bit of knowledge of protecting their computers. whilst they're
here, their systems are a little more 'looked after' from the net.
when those machines go home for holidays etc they will be largely
wide open to attack....we didnt like the huge surge of bad traffic
after the holiday season when their systems came back with more
diseases than i would have if I went down to the Congo with not a 
single jab and a penchant for swimming in the local rivers.

we've looked at various NAC systems over the past few years and
although its very desirable for systems to 'pass a test' before
they are allowed on the main network (imagine you start on a 
side road...you havent got AV..install AV..get onto main
road..you are not patched...patch system...get onto motorway)
none of the current solutions were desirable for various niggling
issues - and for simpler reasons such cross-platform
support, dealing with dumb systems etc.

alan