Sophos

What's your NAC IQ?Find out in this quiz

With the constantly evolving nature of threats and the increasing mobility of the workforce, organizations are asking what Network Access Control (NAC) can do to improve security.

Take this quick quiz to find out what you need to know.

1. The endpoint has become the weakest link in security.

You chose True.
You are correct!

You chose False.
You are incorrect

The threat environment is rapidly evolving. Malware was originally about creating headlines and notoriety, so threats were noisy and visible. If you compare that to today's threats, the risks are very different. Attacks are becoming better targeted and are multiplying rapidly. Cybercrime generates major revenue, which the FBI estimates at a total annual cost of $220 billion to businesses globally.

At the same time, access needs are also growing. The network perimeter has dissolved as end users are connecting to the network from anywhere. End users are becoming more mobile as time goes on, increasing the risk to organizations. A Forrester survey indicates that 63% of North American companies will increase their use of laptops by mid-2008.

The endpoint is the weakest link in security. Organizations need to ensure all computers connecting to the network have protection and adhere to both corporate acceptable-use policies and government-mandated policies.

2. NAC is only a concern for the network team.

You chose True.
You are incorrect

You chose False.
You are correct!

The growing risk from threats and increasing mobility of the work force are concerns for many teams within an organization. Each team has particular NAC problems that need to be solved. A NAC solution must be versatile enough to solve each of these problems.

Security teams (CISO/CIO) must identify security risks, control access, and ensure network performance and availability. Desktop teams must ensure computer health and compliance to maintain user and business productivity. Network teams must stop any unwanted access to the network. They need a solution that works today - without network upgrades. The solution should maximize the lifecycle of existing endpoint applications.

3. Employees should all adhere to the same NAC policy.

You chose True.
You are incorrect

You chose False.
You are correct!

A robust NAC solution provides the ability to define security and acceptable use policies. It also allows you to define enforcement actions for individual groups of users. For example you can create a policy that checks to make sure your CEO’s antivirus is always up to date, and if it is not, you can update it without ever bothering the CEO.

You could also create a policy for your sales team to make sure they are running all the security applications you purchased for them. This policy can check that the applications and operating systems are up to date, and that the salespeople are not running any non-work related applications such as Instant Messaging or file-sharing applications.

You could even have different policies defined for contractors, consultants and guests. A NAC solution with user-based policy definition provides you with the flexibility to create as many distinct security and acceptable-use policies as you wish.

4. It is impossible to prove that non-company owned computers conform to a company's security and acceptable-use policies.

You chose True.
You are incorrect

You chose False.
You are correct!

For non-company owned (unmanaged) computers you may not be able to dictate that they run the same anti-malware and personal firewall applications you use. You can, however, create a policy to check for any anti-malware or personal firewall applications and ensure these are installed, running and up to date.

Your policy can also check to ensure required patches are installed and that prohibited applications are not present - just as you can for company owned (managed) computers. When unmanaged computers do not meet your standards, you can message the user and inform them of the actions required to bring their computer into compliance before permitting access to your network.

A NAC solution must ensure any and all computers conform to your defined security and acceptable-use policy whether your company owns the computer or not.

5. The goal of any NAC solution is to block all computers which don't comply with policy.

You chose True.
You are incorrect

You chose False.
You are correct!

The key to success is in the underlying assessment and subsequent remediation processes for non-compliant computers. Quarantining or blocking access is the last resort, and different scenarios need different approaches.

For company owned computers, you don't simply 'control access' but establish rapid compliance by taking automated corrective measures in order to maintain user and business productivity. For contractors, consultants and guests, you should quarantine access and notify users of non-compliance so they can correct it. With any unauthorized computers, you should block access to company resources.

Compare Symantec and Sophos

Congratulations!

All your answers were correct. You have a knack for NAC!

Find out all you need to know about NAC with free white papers, NAC for Dummies book and customer profiles.

Compare Symantec and Sophos

You got 4 out of 5 - Almost there!

You understand some of the issues that surround NAC. We can help you learn more about protecting your networks against risks from unmanaged, unauthorized and guest computers.

Find out all you need to know about NAC with free white papers, NAC for Dummies book and customer profiles.

Compare Symantec and Sophos

You got 3 out of 5 - Almost there!

You understand some of the issues that surround NAC. We can help you learn more about protecting your networks against risks from unmanaged, unauthorized and guest computers.

Find out all you need to know about NAC with free white papers, NAC for Dummies book and customer profiles.

Compare Symantec and Sophos

You got 2 out of 5 correct

Don’t worry. Sophos simplifies NAC by using automated policy management to reduce the risks of security compliance. Want to learn more?

Find out all you need to know about NAC with free white papers, NAC for Dummies book and customer profiles.

Compare Symantec and Sophos

You got 1 out of 5 correct

Don't worry, we can help. Sophos simplifies NAC by using automated policy management to reduce the risks of security compliance.

Find out all you need to know about NAC with free white papers, NAC for Dummies book and customer profiles.

Compare Symantec and Sophos

You got 0 out of 5 correct

Don't worry, we can help. Sophos simplifies NAC by using automated policy management to reduce the risks of security compliance.

Find out all you need to know about NAC with free white papers, NAC for Dummies book and customer profiles.