7.8. Help! (Desk)

Although you probably won't have the helpdesk team actively involved in the evaluation of and decision making for a NAC solution, you will certainly need to involve them after you start testing, piloting, or deploying the NAC solution in a lab environment, in phases, or (gulp!) all at the same time on the organization's existing network environment.

Users see your helpdesk as the first line of defense, so naturally you should involve the helpdesk team in your NAC solution. If a user attempts and fails to access the organization's network, which they've been accessing successfully every day for several years, who do you think they're going to call? The helpdesk team.

Who do you think the CEO calls when the new NAC solution kicks his or her laptop off the network because that laptop's antivirus automatic protection is disabled or its operating system patches are out of date? He or she calls the helpdesk.

Get on the good side of the helpdesk team by lab testing or piloting the NAC solution first, and involving the helpdesk team in the process. Involve your helpdesk team by

  • Setting up and deploying the solution

  • Creating new or repurposing existing policies

  • Knowing to stage, operate, and use the NAC solution of choice

  • Staging and deploying the lab test or pilot of the NAC solution, so that they can observe the NAC solution being deployed and in action, and even become familiar with the NAC solution by using it.

If the helpdesk can't answer a user's question (for example, the question or issue requires greater knowledge or more in-depth investigation), the helpdesk team usually falls back on the subject matter experts (SMEs) in the various teams familiar with the device or service that's generating the questions or issues. So, if the helpdesk team isn't properly trained on or sufficiently comfortable with the NAC solution, not only can the breadth and depth of support calls from their user base easily overwhelm the helpdesk, but the teams involved in the NAC solution decision and deployment can expect to lose precious time helping the helpdesk team answer questions and solve issues that they are unable to answer — because the helpdesk team didn't receive proper training about the NAC solution.

NOTE

The helpdesk can not only help users, but also the teams involved with the deployment. Make sure you get the helpdesk team involved in the NAC solution process!

Get an audit

You can ease the potential pain of the helpdesk team by initially deploying the NAC solution in audit mode. Most NAC solutions include an audit mode — although that mode may have a different name, depending on the solution. An audit mode simply is a way to implement NAC without turning on enforcement, which includes quarantine, remediation, or active enforcement (such as not granting a non-compliant device access). An audit mode can actively enforce only the authentication and authorization NAC functions, to ensure that only authenticated users can access the network or any protected resources.

Audit mode can really help users by easing them into the capabilities of network access control, revealing whether they and their endpoint devices are compliant or non-compliant with organizational security and access control policies, and showing how the NAC solution reacts if they or their device are out of compliance. Audit mode can help make the user comfortable with the deployed NAC solution.

Audit mode also helps the helpdesk. Instead of being deluged with calls from frustrated, screaming users who can't access the network or the network resources which they usually can, the helpdesk team can work directly with the users whose devices are the most out of compliance or who have the most issues when trying to access the organization's network with the newly deployed NAC solution. The helpdesk team can get those users' devices into compliance with policies and address the users' access issues. Deploying the NAC solution for an initial time period in audit mode can ensure that the NAC solution catches nearly all the endpoint devices connecting to the organization's network that are out of compliance with the organization's access and security policies, brings those devices into policy compliance without trauma or consternation, and exposes users to how the NAC solution will work going forward. Most NAC solutions provide users — and, sometimes, the helpdesk — with messages about why a user or device was non-compliant and how to remediate the device to bring it back into policy compliance. Some NAC solutions also notify the user and/or the helpdesk about what the user needs to do in the future to ensure the device remains compliant.


..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.128.78.30