Network Access Control
Network Access Control - secure access
In terms of complexity, the modern network is a veritable jungle. One of today's hot topics is Network Access Control (NAC), which is responsible for detecting the connection of devices to a network, for authenticating them, for checking their security and integrity, and for isolating them from the network in the event of a breach of rules.
In recent years, NAC has developed considerably. Vendors use two different technical approaches. One approach controls access in-line on the switches with 802.1X; the other does the job out-of-line by manipulating the network traffic. Both technologies have their pros and cons.
Meanwhile, the vendors have realised that the market demands the ability to combine both technologies in one product in order to exploit the strengths of both.
Due to their high market shares in the fields of switches and routers, Cisco (CNAC) and Juniper (UAC) are competitors in the field of 802.1X. Most vendors that use out-of-line solutions are smaller companies specialised in IT security, such as Forescout. And what about Microsoft? Microsoft also offers Network Access Protection functions in its operating systems, though most operating systems need to be upgraded. In view of the problems that often occur when upgrading a small number of servers, just think of what could happen when trying to update an entire network ...
NAC must detect changes in real time and react immediately
In our opinion, NAC products should use several methods to detect terminal devices in order to reduce the potential for circumvention. When a terminal device is detected, the system must be able to read all relevant information from it with a high degree of accuracy. At any rate, an NAC system should recognise when virtualised guest systems are connected via a host system and slip in under that host's allowed signature. Moreover, an NAC system should be equipped with network detection functionality, as enterprise networks often have "unknown" or undocumented networks.
Another key criterion for the selection of an NAC solution is the existence of interfaces for ticket systems and asset management databases. As a matter of principle, a good network design facilitates the implementation, the subsequent administration, and the troubleshooting, and makes it more difficult to evade the NAC.
XXX is the best! Systematic evaluation.
In view of the multitude of providers, the user must first ascertain whether the vendor of his network devices offers NAC solutions and whether he wants to use these, or whether he would rather opt for businesses that are specialised in IT security and whose main line of operations includes Network Access Control.
Close collaboration of the server, desktop, network, and security departments is vital. The solutions can be evaluated as soon as the goals and requirements have been clearly defined. Important: The operation model and the required workflows should be included. Thereafter, the company is ready for the successful introduction of an NAC solution.
We have interesting solutions for you, and we can help you to make the evaluation phase more effective. Simply contact us.


