MetaInfo, a spinoff of Check Point Software Technologies Ltd., is developing software which takes advantage of the point where machines obtain their IP address on a corporate network via DHCP as an opportunity to "frisk" the machine - to do a quick fly security audit. Such an audit can confirm that the machine joining the network is legitimate and complies with corporate security policies.
"That is where the opportunity exists to take control of the machine initially and route it to where you want to send it, inspect it and let it have access," said MetaInfo user James LoTruglio, vice president of IT for Hearst Service Center, the operational arm of Hearst Corp., in Charlotte, N.C. LoTruglio, who had been asking for such functionality for years, said he saw the potential for using DHCP (Dynamic Host Configuration Protocol) services to provide access to a secure area on the corporate network---such as a virtual LAN---and then, he said, "use a secure tool to interrogate the machine for various patch levels and the like."
After the process is complete, the machine is given an IP address and a permanent space on the network as normal. The idea is that policies can be applied at the moment of network connection, with everything being controlled from that moment on.
With the rise of mobile working, as well as an increase in malware such as worms and viruses, this kind of access control seems well needed.