Network Access Control (NAC) has become a hot topic for a wide range of corporate stakeholders, including business leaders, networking groups, and security teams. Despite the many NAC solutions available, there is still a lot of misunderstanding about what NAC really does. Before looking at the important role of NAC, it helps to understand what NAC does in simple terms.
NAC is targeted at the access layer where computers and devices like IP phones and printers connect to the network. The network access layer is especially susceptible because it’s inside the firewall and thought to be somewhat protected by the physical building’s security. The problem is that employees have laptops that they use from home.
At home, they may not be protected by the company firewall. If they connect an infected system to the company network, the virus can spread and affect the corporate network. It’s best to have company policies that require employee computers to meet company standards before they can connect to the network. Laptops need to be checked for up-to-date patches, current virus definitions, and any unauthorized programs. To meet the requirements of securing the access layer, NAC can:
- Detect and identify the type of devices connecting to the network
- Authenticate that users are who they claim to be
- Assess if the end system meets corporate security standards
- Authorize full or limited network access based on the first three functions
- Remediate any assessment problems by helping the user bring a system up to corporate standards
After an end system is allowed network access, it should still be monitored to make sure it does not become a threat: check for continued compliance with security policies, limit network access where needed, and continually remediate any problems.
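The five functions listed above, plus re-checking after admission, sketched as a single policy decision function. This is an added example, not code from the article or from any NAC product; the thresholds, program names, segment names and access labels are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date

# Constructed policy values (assumptions, not from the article).
REQUIRED_PATCH_LEVEL = 42
MAX_DEFINITION_AGE_DAYS = 7
UNAUTHORIZED_PROGRAMS = {"p2p-client", "remote-admin-tool"}
# Devices that cannot run a posture check are limited by type instead.
HEADLESS_SEGMENTS = {"ip-phone": "voice-only", "printer": "print-only"}

@dataclass
class Endpoint:
    device_type: str                    # detection result
    user_authenticated: bool            # authentication result
    patch_level: int = 0
    definitions_date: date = date.min
    programs: set = field(default_factory=set)

def assess(ep, today):
    """Return posture failures, each phrased as a remediation step."""
    steps = []
    if ep.patch_level < REQUIRED_PATCH_LEVEL:
        steps.append("install missing patches")
    if (today - ep.definitions_date).days > MAX_DEFINITION_AGE_DAYS:
        steps.append("update virus definitions")
    for prog in sorted(ep.programs & UNAUTHORIZED_PROGRAMS):
        steps.append(f"remove unauthorized program: {prog}")
    return steps

def authorize(ep, today):
    """Combine detect, authenticate and assess into (access, remediation)."""
    if ep.device_type in HEADLESS_SEGMENTS:
        return HEADLESS_SEGMENTS[ep.device_type], []
    # Unknown device types and unauthenticated users fail closed.
    if ep.device_type != "laptop" or not ep.user_authenticated:
        return "none", []
    steps = assess(ep, today)
    # Non-compliant systems get limited access plus the steps to fix them.
    return ("limited", steps) if steps else ("full", [])

if __name__ == "__main__":
    laptop = Endpoint("laptop", True, 42, date(2024, 6, 12), {"browser"})
    print(authorize(laptop, date(2024, 6, 15)))  # at connection time
    # Monitoring: the same check re-run later catches posture drift.
    print(authorize(laptop, date(2024, 7, 15)))
```

Running `authorize` again on a schedule, rather than only at connection time, is what turns the admission check into the ongoing monitoring described above.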