Security's Everyman

Security's Everyman

Wednesday, June 18, 2008

The nick of NAC gave me a paddy whack

Sorry for the title, but I just couldn't resist.

We're deploying a NAC solution at work. It's been a long process that is finally starting to see the light of day. We set up a small test environment and after successfully completing that phase we decided to roll it out to a larger test environment. Our engineer who is leading the project realized that there were a couple of potential snags with our current environment and that we may have to alter our test a bit. After much thought and discussion we decided that we didn't want to make that change. It would have been different than our "go live" deployment scenario so we felt that it wasn't a valid test. So the engineer continued to research and we decided that using a different switch for the test environment would not compromise our test plan too much. So it was set up and deployed to a larger test group.

While the testing was going on the engineer continued to work on what would be the  "live" environment. He was successful in getting one of the switches to work with the NAC setup but the other two switches that we were use wouldn't work. Everything was the same on the switches. Firmware, software version, code versions, everything but for some reason the switches wouldn't communicate with the NAC device. So the engineer decided to go ahead and move those of us on the old test switch to the new switch. In doing so he failed to complete part of the change and so those of us in the test environment were not prisoners of NAC. We could do absolutely nothing. Then to top it off the engineer went on vacation.

Luckily it didn't take long to figure out what had happened and we put the original switch back in the mix and got us all back up and running. Hmmmm, another potential disaster in the making for those who aren't adequately prepared for ALL potential issues.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.