Customer Needs Assessment
Evaluate the Existing Network Environment
Knowing the OSs being used on your network has two purposes: First, you can determine which OSs support 802.1X, which is required for the highest level of network access control security. For example, Windows 2000 requires Service Pack (SP) 2 for 802.1X support. (If you are not familiar with 802.1X, see Chapter 1: “Access Control Concepts.”) Windows NT and Windows ME, on the other hand, do not include an 802.1X supplicant. If you have these legacy OSs, note the locations where they are accessing the network and the switch ports used.
Second, you can determine if your endpoint integrity solution supports the OSs used on the network. You can also identify the tests available for each OS.
In addition to listing the OSs running on workstations and laptops, you should list the applications that users are accessing to complete their work. For example, what Web browser are they using? Are they using applications such as Instant Messenger (IM) for work?
Again, work with users to get a comprehensive list of the applications they are using. IM provides a good example of the kind of problems that might occur if you do not know all of the applications users need. Because IM has become a target for hackers and virus writers, you might understandably want to prevent users from accessing it. You might write your company’s security policy to prohibit use of IM and then configure your network access controller to block it. When you roll out your solution, however, you might find that certain users rely on IM to communicate with one another. In addition to annoying users, you might actually decrease these users’ productivity. And you will have created additional work for yourself and your team because you must spend time calming down users and then reconfiguring your network access controller to allow access to IM.
For both tax purposes and software license audits, your company may have records of its workstations and laptops and the associated OSs. Even if such records are not completely up to date, you can use them as a starting point.
You may then want to establish a committee of users or contact the administrative assistant in each department to help you update them.
You can use Table