Network Access Control: A Bird’s Eye View (Part 1)
In the next few blog posts, I’ll outline what Network Access Control (NAC) is and why it is central to keeping enterprise environments protected. This post is suitable for beginners to the world of network security management, and is also relevant to those more knowledgeable on the topic. We’ll be giving tips and links, and pointing out some tools that can help you get orientated around the subject of network access management.
Network access control has evolved over the years and now goes far beyond what the name implies: if you break down NAC products according to their core capabilities, you will find that they address a wide set of use cases, including:
- Port Security/Network Access: This includes containment, blocking and risk-based access management.
- Network Visibility: Covering elements that involve endpoint protection, IoT device discovery, etc.
- Asset Management: Giving IT departments the ability to audit large, complex networks that contain vast amounts of networking devices.
- State of Health/Posture Assessment: Covering enterprise devices, BYOD policies and mobile technology at large.
- Guest Access Management: Granular control over guest devices accessing the environment.
- Network Segmentation: VLAN integrity, SSID integrity, isolation, quarantine, etc.
Each use case and its capabilities are unique. Some organizations will need all of them, but there is usually one leading use case that meets the core requirement in your organization. Our advice is to focus on one use case and work your way from there. You can do this by establishing a clear definition of what your requirements are and aligning your solution to it.
In terms of technology, we have two main options: 802.1x-based, or “pure play”. Each category has different products, and a few of those products supply both. Examples are Portnox NAC and Portnox CLEAR, which supplies a hybrid solution between a “pure play”, non-intrusive agentless approach and an 802.1x-based solution. This is a great fit for wireless and other scenarios. Each approach has its own advantages and disadvantages. We will discuss those in future posts.
In the next blog post, I will dive into actual use cases involving network access control. I will also explain what you can expect from each scenario and provide insight into how you can better manage the security challenges that exist within your unique environment.