What you need to know about NAC
How to choose the correct setup for your company
March 29, 2007 12:00 PM ETComputerworld - In today's world of data theft, worm and virus threats, and the need to comply with federal mandates, incorporating network access control (NAC) technology into your network infrastructure isn't an option but rather a critical necessity.
However, NAC isn't easy to define. It encompasses a broad range of meanings and methodologies. This article aims to clarify the basic points of NAC to help answer the question of what NAC setup is correct for your particular environment.
NAC is a policy enforcer and, as such, is closely tied to a company's business processes. Many wireless hot spots at restaurants, for example, employ basic NAC systems that require users to accept the conditions of an acceptable use policy before they are allowed to access the network.
This simple form of NAC works in this case, because the restaurant is providing only one simple network service -- that is, Internet access -- as a value-added benefit of visiting the establishment. However, setup like that certainly wouldn't be acceptable for other environments, such as a hospital network.
In order to answer the question of what type of NAC approach is right for your network, two prerequisites must be satisfied. The first, rather obvious one is an understanding of the NAC offerings that are available, what they do, how they do it, and how they integrate into the network. The second requirement is the presence of a clear, enforceable corporate security and access policy. NAC systems don't create policies; they enforce them. Without such policies, general corporate access decisions become the sole responsibility of the IT department (and that's never a good practice).
Digging into NAC
Achieving network access generally involves passing one of three types of tests. The first, as in the previous example of a wireless hot spot, can be satisfied by simply requiring users to agree to an acceptable use policy before allowing them to connect to the network. User identity and machine status have no bearing on whether access is granted or not; there is but one door, and it's either open or closed.
The second type of test validates user identity, and the third validates machine posture. These two tests are rarely used to either completely deny access or allow total access, with nothing in between. When a test that validates a user's identity is used, different levels of user access may be granted based on type of user, with the extremes being complete access for administrators and use of a limited set of applications (for example, only http and https) for guest users.
Machine posture refers to the state of the computer as it relates to an established security policy. If the policy mandates that a Windows machine have up-to-date operating system patches, connectivity is restricted until the patch requirement has been met. By ensuring that the machine meets the requirements of the security policy, damage from worms and viruses can be drastically reduced.
network access control
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Death to PST Files
Download Now
Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!
A Green Architectural Strategy That Puts IT in the Black
Levergage green computing across your data center. Read more now.
Manager Experience Demo
Go beyond self-service solutions to perform more effectively. Watch Now.
Quantifying the Business Value of VMware View
Learn why you should invest in a centralized virtual desktop.
WAN Optimization as a Managed Service: More than Network Cost Savings
View this Webcast Now!
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
Asia-Pacific Enterprise Network Solutions
Learn through this Webcast how your business can achieve reliability, performance and value in hard-to-reach locations within the Asia-Pacific region.
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Mainsoft Webcast w/ Forrester Research: Drive SharePoint Adoption in Lotus Notes Shops
How can you drive mainstream user adoption of Microsoft SharePoint when your users rely on Lotus Notes?

