Network Access Control
From Wikipedia, the free encyclopedia
Network access control (also called "network admission control" and "network access protection") is a method by which access to enterprise network resources is granted based upon authentication of the user and device as well as verification of the device's compliance with policy.
Network Access Control (NAC) aims to do exactly what the name implies: control access to a network. The term NAC is also sometimes used for Network Admission Control, which is focused on authenticating users and performing a posture check on the connecting device. The broader definition of NAC, as access control, includes pre-admission endpoint security policy checks and post-admission controls over where users can go on a network and what they can do.
NAC's roots trace back to the trusted computing movement, and the work of the Trusted Computing Platform Alliance. The TCPA morphed and reappeared as the Trusted Computing Group (TCG). The TCG has created the Trusted Network Connect (TNC) sub group to create an open-architecture alternative to proprietary NAC initiatives. The Trusted Network Connect Sub Group (TNC-SG) aims at enabling network operators to provide endpoint integrity at every network connection, thus enabling interoperability among multi-vendor network endpoints.
It is still an emerging technology space, and many vendors are taking advantage of this lack of definition to jump on the NAC bandwagon. But if we boil down NAC to its essence, we are referring to the ability to:
- Enforce security policy and restrict prohibited traffic types
- Identify and contain users that break rules or are noncompliant with policy
- Stop and mitigate zero-day malware and other threats
Multiple companies (such as Mirage Network, Bradford Networks, Check Point, Cisco Systems, ConSentry Networks, Nevis Networks, Enterasys, ForeScout Technologies, Juniper Networks, Lockdown Networks, Microsoft, Sophos, Symantec and Vernier Networks) have deployed NAC products, each providing different layers.
Layers of a complete NAC security deployment
- Agent-Based or Agentless Posture Check
- Zero-Day Threat Prevention
- Dynamic Policy Enforcement
- Surgical Quarantining and Remediation
- Network Intelligence
- Policy Decision and Policy Enforcement (inline or out of band)
Policy decision may be separate from policy enforcement; this architecture is often called an out-of-band deployment. When policy decision and policy enforcement occur in the same device, the deployment is called inline.
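As an added illustration that is not part of the original article, the following hypothetical Python model keeps the policy decision (pre-admission posture check against policy) separate from the enforcement that acts on it, as in the out-of-band deployment just described. The posture fields, thresholds, VLAN names and port naming are all assumptions:

```python
from dataclasses import dataclass, field


@dataclass
class Posture:
    """Constructed posture report, as a NAC agent or agentless scan would deliver it."""
    device_id: str
    user_authenticated: bool
    av_signature_age_days: int
    missing_critical_patches: int
    firewall_enabled: bool


@dataclass
class Policy:
    """Hypothetical admission policy thresholds (assumed values)."""
    max_av_age_days: int = 7
    max_missing_patches: int = 0
    require_firewall: bool = True


@dataclass
class Decision:
    verdict: str                  # "admit", "quarantine" or "deny"
    vlan: str                     # VLAN the enforcement point should assign (assumed names)
    reasons: list = field(default_factory=list)


def decide(posture: Posture, policy: Policy) -> Decision:
    """Policy decision point: pre-admission check of identity, then of posture."""
    if not posture.user_authenticated:
        return Decision("deny", "blackhole", ["authentication failed"])
    reasons = []
    if posture.av_signature_age_days > policy.max_av_age_days:
        reasons.append(f"antivirus signatures {posture.av_signature_age_days} days old")
    if posture.missing_critical_patches > policy.max_missing_patches:
        reasons.append(f"{posture.missing_critical_patches} critical patches missing")
    if policy.require_firewall and not posture.firewall_enabled:
        reasons.append("host firewall disabled")
    if reasons:
        # Authenticated but non-compliant: isolate on a remediation VLAN
        return Decision("quarantine", "remediation", reasons)
    return Decision("admit", "production")


def enforce(decision: Decision, port_vlans: dict, port: str) -> dict:
    """Policy enforcement point (out of band): apply the decision to a switch port."""
    port_vlans[port] = decision.vlan
    return port_vlans


if __name__ == "__main__":
    laptop = Posture("laptop-42", True, 12, 0, True)   # constructed sample endpoint
    d = decide(laptop, Policy())
    print(d.verdict, d.vlan, d.reasons)   # quarantine remediation ['antivirus signatures 12 days old']
    print(enforce(d, {}, "Gi1/0/7"))      # {'Gi1/0/7': 'remediation'}
```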
Network Admission Control
Introduction
Enforce Security Policy Compliance
Network Admission Control (NAC), a set of technologies and solutions built on an industry initiative led by Cisco, uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources, thereby limiting damage from emerging security threats. Customers using NAC can allow network access only to compliant and trusted endpoint devices (PCs, servers, and PDAs, for example) and can restrict the access of noncompliant devices.
NAC Delivery Methods
NAC Appliance technology, based on the Cisco Clean Access product line, provides rapid deployment with self-contained endpoint assessment, policy management, and remediation services. NAC Framework technology, through the Cisco Network Admission Control Program, integrates an intelligent network infrastructure with solutions from more than 75 manufacturers of leading antivirus and other security and management software solutions.
NAC Business Benefits
Dramatically improves security
- Ensures endpoints (laptops, PCs, PDAs, servers, etc.) conform to security policy
- Proactively protects against worms, viruses, spyware, and malware
- Focuses operations on prevention, not reaction
Extends existing investment
- Enhances investment in network infrastructure and vendor software
- Combining with Cisco Security Agent enables "trusted QoS" capabilities that classify mission-critical traffic at the endpoint and prioritize it in the network
Increases enterprise resilience
- Comprehensive admission control across all access methods
- Prevents non-compliant and rogue endpoints from impacting the network
- Reduces OpEx related to identifying and repairing non-compliant, rogue, and infected systems
Comprehensive span of control
- Assesses all endpoints across all access methods, including LAN, wireless connectivity, remote access, and WAN