Network Access Control (NAC)
Today’s enterprise networks contain a vast and increasing range of devices—traditional computers, mobile devices, industrial controls, virtualized servers, and cloud-based applications, among other things. This diversity will only accelerate as hybrid IT environments and the “Internet of Things” become the norm.
Outdated network access control policies, such as “block everything that is not owned by the organization,” stifle business productivity by increasing help-desk call volumes and creating more business disruption. To roll out an efficient and effective network access control system, IT security managers need the following:
• Network device visibility and information. This must include device type, user identity and role, device location, and the device's level of compliance with organizational security policies.
• A flexible and granular policy engine combined with a range of control options. This includes the ability to configure the NAC product to provide the right action for each situation automatically, without the need for human involvement.
• Real-time visibility. Network Access Control gives real-time visibility into the users, devices, operating systems and applications that are connected to the network. It should incorporate a comprehensive, high-performance host interrogation engine and provide an abundance of information about what is on that network.
Unlike legacy NAC products, which use heavy-handed controls that disrupt users without ensuring response, today's solutions provide an extensive range of automated controls that preserve the user experience and keep businesses running to the maximum extent possible.
The rising popularity of mobile computing expands the need for an advanced Network Access Control Strategy. Employees can access corporate information using smartphones, tablets, notebook computers, and shared computers. Because NAC represents an emerging category of security products, its definition is both evolving and controversial. The overarching goals of the concept can be distilled to:
Mitigation of non-zero-day attacks
The main benefit of NAC solutions is to prevent end-stations that lack antivirus, patches, or host intrusion prevention software from accessing the network and placing other computers at risk of cross-contamination of computer worms.
NAC solutions allow network operators to define policies, such as the types of computers or roles of users allowed to access areas of the network, and enforce them in switches, routers, and network middleboxes.
Identity and access management
Where conventional IP networks enforce access policies in terms of IP addresses, NAC environments attempt to do so based on authenticated user identities, at least for user end-stations such as laptops and desktop computers.
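The contrast between the outdated ownership rule and an identity- and posture-based decision, as an added example that is not code from any NAC product. The role names, segment names and the "guest", "quarantine" and "deny" actions are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed role-to-segment policy; role and segment names are hypothetical.
ROLE_SEGMENTS = {
    "engineer": {"corp", "lab"},
    "finance": {"corp", "erp"},
}

@dataclass(frozen=True)
class Endpoint:
    user: Optional[str]      # authenticated identity, None if not authenticated
    role: Optional[str]
    corporate_owned: bool
    antivirus: bool
    patched: bool
    host_ips: bool           # host intrusion prevention software present

def legacy_decision(ep):
    """The outdated rule: block everything not owned by the organization."""
    return "allow" if ep.corporate_owned else "block"

def nac_decision(ep, segment):
    """Return (action, reasons) from identity, posture and role."""
    if ep.user is None:
        return "guest", ["no authenticated user identity"]
    checks = (("antivirus", ep.antivirus), ("patches", ep.patched),
              ("host intrusion prevention", ep.host_ips))
    missing = [name for name, ok in checks if not ok]
    if missing:
        # Keep the endpoint off production segments until it is remediated.
        return "quarantine", missing
    if segment not in ROLE_SEGMENTS.get(ep.role, set()):
        return "deny", [f"role {ep.role!r} not allowed on segment {segment!r}"]
    return "allow", []

# Constructed sample endpoints.
PERSONAL_TABLET = Endpoint("alice", "finance", False, True, True, True)
UNPATCHED_LAPTOP = Endpoint("bob", "engineer", True, True, False, True)

if __name__ == "__main__":
    for name, ep, seg in (("tablet", PERSONAL_TABLET, "erp"),
                          ("laptop", UNPATCHED_LAPTOP, "lab")):
        print(name, legacy_decision(ep), nac_decision(ep, seg))
```

The ownership rule blocks the compliant personal tablet and admits the unpatched corporate laptop; the posture-based decision reverses both outcomes and records why.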