Network access control will save public money in Nottingham

By Ron Condon, UK bureau chief 27 Mar 2008 | SearchSecurity.co.uk

Digg This!     StumbleUpon     Del.icio.us

Up to now, their choice has been limited because the City Council's networks will only allow access to its own users' computers which it knows have been properly configured and equipped with the right security. Allowing unchecked computers to connect was just too risky, according to Dan Smith, the Council's principal network and security officer. "Our network contains sensitive data about hundreds of thousands of citizens, as well as confidential information about various government projects, so security is absolutely critical," he says.

The result has been that some Council buildings have several dedicated connections to each of the outside agencies, which as Smith says, is a waste of public money.

But now he is about to introduce a new system that will allow visitors to work safely on the City Council's networks and access their own systems without a problem. Smith is currently in the final phase of testing a new network access (NAC) system that should start to be rolled out by the end of April, and which will provide the mixture of flexibility and security he needs.

Supplied by Sophos in a £250,000 deal covering not only NAC but also email security, the system will allow the City Council to provide access to anyone with a PC, provided it meets the requirements laid down in the NAC policy guidelines. In practice, that means having up-to-date anti-virus running, security patches and a firewall installed, and no forbidden applications, such as P2P file-sharing.

Smith says the system will not only provide security and flexibility for users, but will also make better use of public money by removing the need for each outside agency to have a dedicated outside connection.

"At the moment we could have up to four different network connections in some of our buildings," says Smith. "There is no reason why primary care trusts and other agencies should not use the office with their PCs, as long as they are pre-configured to a standard, and be allowed on to our network. They can use our network to get back to theirs, still with firewalls in place to control access, so there is no danger of losing sensitive information. This is a move towards shared services and joined-up government."

At the moment, the system is running just in the IT department with around 100 users testing its capabilities. So far, the deployment seems quite straightforward, says Smith, and he plans to start moving it out to departments by the end of April, with the ultimate aim of providing protection to 7,000 users across the City Council's 180 networked sites. A future release of the Sophos NAC will provide new features such as USB port control, and Smith is also keen to start using that as soon as it becomes available, to manage and monitor what gets copied on to portable devices.

In a later phase of the project, in a new City building, he plans to have hot-desking facilities for different public-sector workers, all sharing the single network infrastructure.

Smith says he talked to a number of NAC suppliers but went with Sophos mainly on price. "Other vendors were asking a lot more money. We were offered a very good deal," he says.

He says his business case went beyond what benefits the City Council would derive. "My case was that it would be a money-saver for all of us in the public sector. For any network connection, you're looking at 15 to 20 grand over a five year period, so just getting rid of three dedicated connections would save £60,000 of public sector money."

As part of the project, the whole of the council will soon move to a single Microsoft Active Directory (it currently runs multiple Microsoft and Novell directories), and that means everyone will come under a single global structure that can be centrally managed and that will provide an audit record of who logged on and what they did.

Smith concedes that details of how guest access will be distributed to visitors, especially to the police who "are proving a slightly tougher nut to crack", still need to be ironed out, but as far as the technology is concerned, he is confident it will make network management and security a lot easier.

Tags: Endpoint and NAC Protection,  Virtual Private Network Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Endpoint and NAC Protection Considering two-factor authentication? Do cost, risk analysis Look into SIEM services to cut costs, comply with PCI DSS, HIPAA Voice data security risks on the rise, say experts The value of booting from a VHD in Windows 7 Thin-client technologies surge thanks to easier security, says Deloitte A closer look at Internet Explorer 8 security features USB drive security best practices and processes First step in forensics: Create a bootable Windows environment CD Protecting enterprise networks from new mobile application downloads Four things to remember about server virtualization security concerns Network Security Management How to keep tabs on BitTorrent Network telescopes: a vital tool in beating threats Covert channels could be funneling data out of your company Royal Holloway University of London MSc thesis Series NAC market failures spark some aggressive marketing Can CCTV camera security systems stop employee theft? Tor network 'bridges' help evade blockers Healthcare org eases compliance with network monitoring Arbor-Ellacoya deal melds security with broadband Virtual Private Network Security Expert calls SSL protocol vulnerability a non issue DNSSEC deployment challenges can be overcome How to integrate the security of both physical and virtual machines Companies tackle iPhone security with remote access features Q&A: Paul Dorey on DLP, deperimeterisation How to patch Kaminsky's DNS vulnerability Network telescopes: a vital tool in beating threats Covert channels could be funneling data out of your company Jericho Forum discusses deperimeterisation, COA guidelines Reading FC keeps email under control

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Centre for the Protection of National Infrastructure  (SearchSecurityUK.com) Computer Misuse Act 1990  (SearchSecurityUK.com) Regulation of Investigatory Powers Act  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary