Network Admission Control
From Wikipedia, the free encyclopedia
Network Admission Control (NAC) refers to Cisco's version of Network Access Control, which restricts access to the network based on identity or security posture. When a network device (switch, router, access point, DHCP server, etc.) is configured for NAC, it can force user or machine authentication prior to granting access to the network. In addition, guest access can be granted to a quarantine area for remediation of any problems that may have caused authentication failure. This is enforced through an inline custom network device, changes to an existing switch or router, or a restricted DHCP class. A typical (non-free) WiFi connection is a form of NAC. The user must present some sort of credentials (or a credit card) before being granted access to the network.
Posture assessment
Besides user authentication, authorization in NAC can be based upon compliance checking. This posture assessment is the evaluation of system security based on the applications and settings that a particular system is using. These might include Windows registry settings or the presence of security agents such as anti-virus or personal firewall. NAC products differ in their checking mechanisms:
- 802.1X Extensible Authentication Protocol
- Microsoft Windows Administrator access - login credentials
- Cisco NAC Appliance L2 switch or L3 authentication
- Pre-installed security agent
- Web-based security agent
- Network packet signatures or anomalies
- External network vulnerability scanner
- External database of known systems
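The posture-assessment decision described above, as an added example that is not Cisco's or any NAC product's code: a host's reported attributes (anti-virus agent, personal firewall, registry values) are checked against a policy, and a failed authentication or a failed posture check sends the host to a restricted network for remediation. The thresholds, the registry value and the VLAN numbers are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed policy values (assumed, not from any product): what a compliant host looks like.
MIN_AV_VERSION = (4, 2)        # lowest acceptable anti-virus engine version
MAX_SIGNATURE_AGE_DAYS = 7     # anti-virus signatures older than this fail the check
REQUIRED_REGISTRY = {          # registry values the policy insists on (assumed requirement)
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate": 0,
}
# Hypothetical enforcement mapping: decision -> VLAN the switch port is placed in.
VLAN_FOR = {"allow": 100, "quarantine": 999, "guest": 998}

@dataclass
class Posture:
    """Attributes a posture agent or external scanner would report for one endpoint."""
    authenticated: bool
    av_installed: bool = False
    av_version: tuple = (0, 0)
    signature_age_days: int = 10**6
    firewall_enabled: bool = False
    registry: dict = field(default_factory=dict)

def assess(p: Posture):
    """Return (decision, failures); decision is 'allow', 'quarantine' or 'guest'.
    'guest' is the restricted network for hosts that failed authentication,
    'quarantine' is for authenticated hosts whose posture check failed."""
    if not p.authenticated:
        return "guest", ["authentication failed"]
    failures = []
    if not p.av_installed:
        failures.append("anti-virus agent not installed")
    else:
        if p.av_version < MIN_AV_VERSION:
            failures.append("anti-virus version %s below %s" % (p.av_version, MIN_AV_VERSION))
        if p.signature_age_days > MAX_SIGNATURE_AGE_DAYS:
            failures.append("anti-virus signatures %d days old" % p.signature_age_days)
    if not p.firewall_enabled:
        failures.append("personal firewall disabled")
    for key, wanted in REQUIRED_REGISTRY.items():
        if p.registry.get(key) != wanted:
            failures.append("registry %s != %r" % (key, wanted))
    return ("allow" if not failures else "quarantine"), failures

def admit(p: Posture):
    """Map the assessment to the VLAN the enforcement point applies plus the remediation list."""
    decision, failures = assess(p)
    return {"decision": decision, "vlan": VLAN_FOR[decision], "remediation": failures}

if __name__ == "__main__":
    # Constructed sample endpoint: authenticated, firewall on, but stale signatures and updates disabled.
    host = Posture(True, av_installed=True, av_version=(4, 5), signature_age_days=12,
                   firewall_enabled=True, registry={list(REQUIRED_REGISTRY)[0]: 1})
    print(admit(host))
```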
External links
- Network Admission Control - Cisco Systems