Kim Cary

Oct 07 2010

5 Tips to Develop a Network Access Control Strategy

Advice for creating a strategy that meets today's security threats.

Use these five tips to develop a network access control strategy that meets today's security threats.


Many universities have homegrown network security systems that consume resources and struggle with today's sophisticated threats. The following tips are lessons learned from our experience deploying a modern network access control system at Pepperdine University.

Show leaders why your institution needs a network security strategy. Malware poses a real and growing threat to your institution's reputation and your students' personal information. A decade ago, viruses were often written by bored, bright young people looking to cause mischief. Today, criminal gangs employ highly educated programmers from countries with struggling economies to write software that steals information for profit. Higher education is an especially attractive target to these criminals for two reasons. First, universities have concentrated stores of valuable identity data, intellectual property and government research. And second, the university culture of academic freedom requires an open environment that complicates traditional security approaches. Show leaders which exploits are active on your campus now, the potential cost of not addressing these threats, and where your network security system fits in a strategy to safeguard student identities and the university's reputation.

Define requirements for security and usability in network control. Use your understanding of the culture of your organization and catalog what people expect in terms of usability – then meet or exceed those expectations. We found that enrolling in any security application had to be as easy for users as bringing up a web page. Also, when we block users, our reasons for blocking them, as well as what they need to do to become unblocked, must be clearly explained. Pepperdine's beautiful Southern California campus is the site for many conferences and other events, so it is important that we make it easy for our guests to access the web.

Get the IT staff to buy in early. The people who operate at the network infrastructure level, as well as those who assist end users, must take an active role in product selection. Create a product selection team that includes security, network engineering and client services staff and challenge the group to decide by consensus. While reviewing products, encourage the network and client services members to explore what the new system can do to make their work easier and more effective.


The percentage of U.S. web surfers who have fallen victim to cybercrimes, including computer viruses, credit card fraud and identity theft

SOURCE: Symantec study of 7,000 web users

Give users a test period for signing up on the system. At Pepperdine we put the system in trial mode before we went live. This was key to driving user acceptance. As we rolled out network access control we gave users in each building two weeks to register their computer with the new system before the deadline, at which point they would be required to register to gain network access. We then provided a feedback e-mail every few days congratulating those who registered their computers.

Take advantage of available metrics. Any good network access control system will provide performance statistics. You can find out how many computers are at risk, blocked or registered with the system, along with other information, including a breakdown of systems by role, type, location, operating system and whether the connection is wired or wireless. Actively communicate your security successes in the form of statistics and case studies to the administration and your IT peers, explaining any failures and how you solved any problems.


Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT