The UNFPA employs NAC for network security reasons

Jul 21, 2008 10:14 GMT

A total of eleven regional offices of the UNFPA (United Nations Population Fund) use NAC (network access control) to protect the core network, which is based in New York. This means that although a machine can try to access the network from anywhere in the world, it is granted access only if it is compliant. All non-compliant machines are simply locked out.

"I had a few incidents, not many but a few, where people would come in from the field with machines that came back on the network that were heavily infected with viruses. I needed to do something that would apply policies from the user level down to the machine level and lock out [non-compliant] machines," says Douglas Concepcion, network infrastructure security specialist, as cited by NetworkWorld.

In the past the UNFPA had just one office, located in New York City, so ensuring the network stays safe was a relatively easy task. Nowadays there are offices all over the world, and since the employees from said offices require access to the core network, the threat of remote access infection has increased considerably and has become a serious issue.

According to Douglas, there are several security problems that he must tackle. First of all, any source of infection must be detected, and the machine responsible for it must not be granted access to the network. Secondly, visitor laptops must be identified and given limited data access. Last but not least, steps must be taken to protect against viruses, Trojans, and other malicious software that attempts to propagate with the aid of VPN connections.

Four vendors of NAC solutions were taken into consideration, and in the end Douglas decided to pick ForeScout Technologies. "I liked that it worked in line and out-of-band. The out-of-band I really liked because I didn't have to touch anything else in the infrastructure. You can shoot basically a firewall policy down to every user," says Douglas.

The ForeScout CounterACT will ensure that all machines on the network are running an updated, fully patched operating system and security software. In the case of UNFPA, the operating system used is Windows XP, while the security software is provided by Symantec, which has recently released the Beta versions of Norton Antivirus 2009 and Norton Internet Security 2009.
