portnox - checklist

When one looks for a NAC solution prerequisites have to be met and honest questions have to be asked in each step of the decision making process, from the planning stage to the deployment, management and the availability; all in order to end up with the right NAC solution for your network.

P01	Can the solution provide adequate coverage to 100% of network devices?
P02	Is a physical presence necessary at each deployment for proper assimilation or, can same be achieved from a central location?
P03	What is the length of time needed for complete and successful assimilation in an organization such as yours, and how does it translate to man hours and dollars & cents?
P04	Is there any action of regulatory allocation necessary for the solution following the assimilation?
P05	Is the product capable of utilizing the existing communication infrastructure? If it is capable, how, and under what conditions. Also which product manufacturers are listed as compatible?
P06	Is the product compatible with virtualization technology & devices? If so, how and what is involved?
P07	How does the system respond to and handles the use of network HUB devices?
P08	Does the product rely or using an external protocol for enforcement? (i.e. 802.1X or, DHCP)
P09	Is there the danger of disrupting the system by having Administrative rights of the user at the end station?
P10	What level of certification and experience are required to properly operate the product?
	--------------------------------------------------------------------------------------------
D01	Is there the need to implement any software agent at the end station level?
D02	Which are the verification methods for device identification? How many methods are there and can they be combined?
D03	What are the recommended enforcement methods?
D04	Can the product Security Policy enable resolution at the device level, at the user?
D05	Does the product offer anything to IP based telephony in particular? How?
D06	Is there the need for a designated hardware for implementation?
D07	What alterations and changes at the Network level are required for the product implementation?
D08	Is it required to import a list of devices or a user list from External resource for the deployment or basic operation?
D09	Is it required to define a sort of ‘system baseline’ prior to enforcement?
	--------------------------------------------------------------------------------------------
M01	Which management tools does the product provide?
M02	In what manners does the solution interfaces with the existing SOC frameworks?
M03	What kind of report mechanisms is offered / avaliable?
M04	Which type of external integration is offered?
M05	Is there a Role Based Access Control at the interface level so that each zone is managed separately?
M06	Is there a change in the organizational processes or flow required?
M07	Can the system be triggered via a third party device?
M08	What kind of audit mechanism is available with the solution?
M09	What level of certification and experience are required to properly manage the product?
M10	Is it possible for the product to interface with the existing PCM in the enterprise?
M11	Does the product have a centralized management & control capability?
M12	Does the product provide information regarding users or, is it limited to computer devices only?
	--------------------------------------------------------------------------------------------
A01	Is a built in fault tolerance mechanism incorporated into the product?
A02	How will the network respond in a case the proposed solution fails?
A03	How can the system be circumvented / bypassed?
A04	What type of hardening or restrictions is available for system secured operation?
A05	Are there any internal audit mechanisms available with the solution?

These are but a few pointers to consider, and basic questions to ask oneself at the time of searching for the most suitable NAC approach.

We welcome any further questions you might have on this subject.
Just contact us at tellus@acesslayers.com