7.1. Analyzing the Terrain

Deploying a NAC solution — in most cases — involves more than simply plugging the solution in and letting 'er rip. Deploying a NAC solution can mean dealing with managed user endpoint devices, such as laptops that the organization owns and operates, and that employees use; and unmanaged devices, such as devices that guest users (including contractors and partners) own and operate.

In some instances, organizations don't provide employees with endpoint devices, instead giving employees a budget and allowing them to pick their own devices. So, how do you control and manage devices in that sort of situation?

In some organizations, you will have to deal with endpoint devices that really don't belong to any particular owner. These devices have an IP address on the network, and users may share the devices. Many industries operate in this manner, with devices passing between employees from shift to shift. Although your organization manages (meaning it owns and maintains) the devices, different users can run into different issues, need to adhere to different policies, and so on.

The unmanageables

Some devices that have no clear owners — and may be used and shared by many users — may not be able to accept downloads or identify themselves to a NAC solution in the way that a desktop PC, laptop, handheld, or other user-driven device can. You can categorize these devices as unmanageable because no particular, individual user manages, meaning owns ...

Get Network Access Control For Dummies® now with the O’Reilly learning platform.