Network access control
Network access control (NAC) is a security process that enables enterprises to assure that devices meet the security objectives of the enterprise security policy. NAC assures the integrity of the enterprise network and increases network availability.
A network access control process is composed of a number of functions that work together to monitor end user devices. These functions include:
- Policy creation, management, and enforcement
- Device and user identification and authentication
- For valid users, deep device screening (to include files and registry)
- Granting access to, or quarantining the device, based on the outcome of the security screening
- For quarantined devices, remediation
- For accepted devices, network resource access control based on identity and/or policies
- Post-connection posture and behavior monitoring and enforcement
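As an added illustration that is not part of the original article, the constructed Python model below walks one device through the functions listed above: user authentication, device posture screening, granting or quarantining with a remediation list, and post-connection monitoring. The policy thresholds, user directory, VLAN names and posture attributes are made-up placeholders, not any vendor's product.

```python
"""Toy NAC decision engine (constructed example, not a real product)."""
from dataclasses import dataclass, field
import hmac

# Constructed policy: required services, freshness/patch thresholds, role -> network.
POLICY = {
    "required_services": {"antivirus", "host_firewall"},
    "max_signature_age_days": 7,
    "min_patch_level": 42,
    "role_networks": {"employee": "VLAN 10 (corp)", "contractor": "VLAN 30 (restricted)"},
}
QUARANTINE_NET = "VLAN 99 (quarantine)"
# Constructed user directory: user -> (password, role). A real deployment would
# authenticate via 802.1X/RADIUS or a directory service instead of this dict.
USERS = {"alice": ("s3cret", "employee"), "bob": ("hunter2", "contractor")}

@dataclass
class Posture:
    running_services: set   # services the device reports as running
    signature_age_days: int # age of its anti-virus signatures
    patch_level: int        # OS patch level it reports

@dataclass
class Decision:
    network: str                                  # where the device is placed
    remediation: list = field(default_factory=list)  # actions before re-screening

def authenticate(user, password):
    """Identification and authentication: return the user's role, or None."""
    entry = USERS.get(user)
    if entry and hmac.compare_digest(entry[0], password):
        return entry[1]
    return None

def screen(posture):
    """Deep device screening against POLICY: return the list of failed checks."""
    failures = [f"start {s}" for s in sorted(POLICY["required_services"] - posture.running_services)]
    if posture.signature_age_days > POLICY["max_signature_age_days"]:
        failures.append("update antivirus signatures")
    if posture.patch_level < POLICY["min_patch_level"]:
        failures.append(f"install patches up to level {POLICY['min_patch_level']}")
    return failures

def admit(user, password, posture):
    """Grant role-based access, or quarantine with remediation, or deny outright."""
    role = authenticate(user, password)
    if role is None:
        return Decision("denied")            # unknown user: no network at all
    failures = screen(posture)
    if failures:
        return Decision(QUARANTINE_NET, failures)
    return Decision(POLICY["role_networks"][role])

def monitor(decision, event):
    """Post-connection enforcement: a policy violation drops the device to quarantine."""
    if event in {"antivirus stopped", "host_firewall stopped"}:
        return Decision(QUARANTINE_NET, [f"investigate and fix: {event}"])
    return decision
```

Running `admit("alice", "s3cret", Posture({"antivirus"}, 30, 40))` places the device in the quarantine VLAN with three remediation actions; once it reports a clean posture it is admitted to the corporate VLAN.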
Three common NAC implementations include infrastructure-based products, endpoint software-based products and appliance-based products.
The infrastructure-based products integrate the NAC functions into the operating systems of the enterprise's routers, switches and computing platforms. These devices use a combination of DHCP and 802.1X for authentication and quarantining of user systems. Cisco's and Microsoft's NAC products fit into this category.
The endpoint software-based implementation relies on software that runs as part of the operating system of the managed devices. This is similar in nature to other network management platforms that rely on managed devices and a management station. For resident devices (devices always present on the network) the software is loaded as part of the security load. For visiting devices (devices transiently present) the software can be added via ActiveX controls or Java applets. In the market today this type of NAC product is tied to anti-virus and firewall vendors like McAfee and Symantec.
The final implementation is an overlay approach to network access control. A NAC appliance is added to the existing network. These appliances use a combination of software capabilities and hardware manipulation to provide NAC services. Often the NAC appliance is teamed with intrusion prevention systems (IPS) and quarantine servers to provide a complete set of services.
Considering the number and frequency of attacks on computers today and the number of computers that are "always on" the Internet, corporations have to take drastic steps to protect their assets. Network access control is one of these steps. As a result of this, the NAC market continues to expand.
Standards efforts for NAC products are being pushed forward by the Trusted Computing Group's (TCG) Trusted Network Connect (TNC) open specifications for network access control. This standard will enable interoperability of clients and servers with NAC appliances.
Podcast: Network access control (NAC): http://podcast.hill-vt.com/podsnacks/2007q3/nac.mp3