• Greg Brown
    Sr. Director, Product Marketing
    Network Defense
    Greg Brown assumed his current role in 2008, championing value delivery for McAfee's network defense portfolio. Brown joined the McAfee network intrusion prevention product management team in 2006. In that role he sponsored industry-leading advances in network security integration with McAfee's systems and risk management product lines. He has more than 15 years' experience in the network security and telecommunications industry, working with silicon technology vendors, security software/hardware vendors and service providers. He has provided design consultant services for national IT security infrastructure programs on four continents, and was the principal designer for first-time national Internet infrastructure programs in more than 30 countries.
  • Your Most Prolific Vulnerability is Everywhere
    Wednesday, January 21, 2009 at 6:25 pm by Greg Brown

    I regularly pose the following question to customers: “What is the most prolific point of vulnerability in your company’s IT security?” Depending on who I am speaking with, I get different answers. System security folks refer to applications or PCs in general. Risk management teams may refer to the employees and cite education and awareness as the concern or data walking out the door. Network security types seem most concerned about network application vulnerabilities and with firewall policy management or attacks against the conventional network perimeter.

    From my perspective, the network itself is the most prolific vulnerability. Just look around – there are Ethernet ports everywhere. By definition, they must outnumber servers and PCs. And, they are intentionally designed to connect anything that gets plugged in. At least wireless was designed with access control technology built in (how effectively it is implemented is a different question).

    A typical office has 2-4 active Ethernet ports within easy reach of anyone who has physical access to the facility. In a quick survey of my office floor, about 25% of the network connectivity is in conference rooms. As with most organizations, we have robust physical access controls (guards, badges, electronic locks, etc.) to limit who can get into the building.

    Why, then, are the prolific Ethernet ports a vulnerability? Because almost every company allows vendors and contractors to visit their buildings for meetings or work. Because employees could bring in devices from home and plug them into the network (although this may be denied by policy). Because unconfigurable and unmanageable devices like printers or fax machines get connected to the network. Each of these represents some level of risk to the unprotected Ethernet port.

    McAfee’s Unified Secure Access gives IT security the ability to control who/what can plug into the network. It moves network policy enforcement out to the last 5 meters of the network. Unified Secure Access gives the administrator the ability to implement network access controls based on user identity, system health, and security posture. Guest access can be restricted to non-corporate networks and contractor access can be limited to only select network resources.

    Unified Secure Access provides comprehensive policy enforcement anytime anyone connects to the network. The best kept secret is, if you are already using McAfee to secure your network or systems, you’re probably closer to a solution than you think.


The postings on this blog are the opinions of the individual posters and don’t necessarily represent McAfee’s position or opinion on this subject.
© 2009 McAfee, Inc. All rights reserved. E & O E