Network Access Control is a security technology that school IT leaders ideally don't have to spend a lot of time on. "The beauty of NAC is that it's mostly invisible," says Matt Scully, director of technology at the 1,550-student Providence Day School (PDS) in Charlotte, N.C. "When it's doing its job, you don't even notice."
That's certainly been the case for PDS, which has been implementing its NAC solution in phases over several years. "Five years ago, we had 500 computing devices on this campus," Scully explains. "We now have 900, with more and more kids bringing their own hardware to school. We needed a way to segment our traffic so students could be online without bringing down the whole network. We wanted a controller that would be robust, stable, flexible and scalable, that would allow us to grow into what we've been doing with digital learning and manage devices we didn't even know existed."
The IT department didn't have to look far. The bulk of the K–12 school's networking and communications infrastructure is composed of Cisco Systems technologies, and after seeing the Cisco Network Admission Control appliance in action at the company's Technology Center in nearby Research Triangle Park, team members were convinced that the investment would serve PDS well.
The comprehensive solution combines role-based authentication, vulnerability assessment, policy enforcement and distributed remediation in a single appliance, making it easy for network administrators to authenticate, authorize, evaluate and remediate users and their machines before those users are allowed on the network. "Our goal," Scully says, "is to balance network security and performance with ease of use."
To that end, the Cisco NAC is physically set up with two masters and two servers, says Network Administrator Kevin Todd. "They're paired, so if one goes down, the other kicks on."
When a user attempts to connect to his or her respective network, the NAC agent prompts them to log in and then checks the computer to ensure that "it's up to the standards that we have defined," Todd continues. "If it is, the user is signed in for the day and has whatever Internet access the network is configured to afford him. If there's a problem, we address it, but the NAC rarely denies service."
As Scully sees it, Network Access Control is crucial to any school's network security plan. Today's educators and students do a lot of things where they need to be online, he says. "If we couldn't control the devices that are on our network, we couldn't provide the type of stable environment that's necessary to support instruction. Cisco NAC is the big silent guardian that's protecting our network. It's just not a choice not to have it."
IT Voices on Network Security
"We had a staff member whose computer kept blocking a student's flash drive. It turned out the drive had a virus, and Trend Micro OfficeScan was stopping the drive because it was infected. We were able to clean the drive and remove the infected file so the student could access her work. This is a prime example of why endpoint security is really important."
— Michael Clark, Help Desk Technician, Battle Ground (Wash.) Public Schools
"We had issues in the past of not knowing where people were going on the Internet. When I became network administrator, I made purchasing SonicWALL content filtering and next-generation firewall products my first priority. I'm now able to not only control where people can go with a mouse click, I can also see what's happening."
— Thomas Gawczynski, Network Administrator, Crete-Monee School District 201-U, Crete, Ill.
"Students and staff prefer to use the device of their choosing — not one provided by the district. Network Access Control is the critical component that ensures these devices can join the network safely and securely. It also acts as a traffic cop, deciding where users and devices go and what they can access."
— Jeff Crawford, Manager of Networking and Security, East Grand Rapids (Mich.) Public Schools