January 22, 2012

1.3.7 NAC

NAC

NAC – Network access control is a method of bolstering the security of a proprietary network by restricting the availability of network resources only to endpoint devices that comply with a defined security policy.

NAC aims to control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do.

When a computer connects to a computer network, it is not permitted to access anything unless it complies with a minimum set of parameters. Checks include the devices operating system, application patch level, anti-virus protection level, user access rights, system update level and configuration.

While the computer is being checked by a pre-installed software agent, it can only access resources that can remediate (resolve or update) any issues. Once the policy is met, the computer is able to access network resources and the Internet, within the policies defined within the NAC system.

NAC’s goals include:

  • Mitigation of proliferation – NAC solutions attempt to block end-stations that lack antivirus, patches, or host intrusion prevention software from accessing the network and placing other computers at risk.
  • Policy enforcement – NAC solutions allow network operators to define policies, such as the types of computers or roles of users allowed to access areas of the network, and enforce them in the network.
  • Identity and access management – Where conventional IP networks enforce access policies in terms of IP addresses, NAC environments attempt to do so based on authenticated user identities.
  • Operational security issues include network access control (NAC), authentication, and security topologies after the network installation is complete.

References:

  • http://en.wikipedia.org/wiki/Network_Access_Control
  • http://searchnetworking.techtarget.com/definition/network-access-control
  • CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney

No comments:

Post a Comment