Network Access Control

From ITCwiki

NETWORK ACCESS CONTROL

What is Network Access Control?

Network Access Control (NAC) is a networking solution that controls, secures, and restricts access to a computer network. In a nutshell, NAC's primary function is to let you create a policy that defines which devices can join your network and which resources those devices can access once they are on it. NAC can also provide other services, such as device discovery, virtual LAN management, LAN access for visitors, and switch management.

NAC provides a way to protect a network from security problems that originate from the "inside". This is helpful because network security policies often focus on preventing attacks from the outside with a firewall and anti-virus software, and leave the door open for easy access to network resources from users on the "inside". For example, an outside client or a visitor to your company may have access to available ports on your network. Suppose the computer the guest connects to one of those ports has no firewall or anti-virus software. After he connects to your network, he surfs the internet, picks up a virus, and in turn possibly infects your entire network with it. NAC can help prevent this situation from occurring.

What can you do with NAC?

Control Access To Your Network

NAC uses a set of rules to define and implement a policy that describes how access to network ports is secured when devices initially attempt to access the network. For example, when a computer connects to a port on your network, it is not permitted to access anything on the network unless it meets the requirements of the defined policy. One such requirement may be that the computer must have anti-virus software installed. If a computer meets all the requirements of the policy, it is allowed access to network resources and the internet. However, meeting the requirements of a policy does not mean a computer will have access to all available resources. NAC can be set up so that certain computers have access to only certain things. NAC can also be set up to allow only certain devices on the network.

NAC policy is set up and defined by a network administrator. There is no standard policy; an administrator creates a policy to suit the specific needs of their company.

Device Discovery

NAC can also be used to find out what devices are currently connected to your network. NAC can be set up to query switches for a list of devices currently connected to the switch ports. Information about the port, port number, last VLAN, and last date used can be collected and stored, and reports can be generated from it. The devices connected to the ports can also be scanned to obtain information such as what operating system a certain device is running. Device discovery is a useful tool that provides you with an inventory of the devices on your network.

Virtual LAN Management

VLAN management can be made easier by using NAC. For example, if a company reorganizes and decides to move computers to different locations, with a NAC application you wouldn't need to change the configurations on the switches to reflect the reorganization. You could use the NAC application's GUI and make configuration changes with simple drop-down lists, etc. Also, if there was ever a need to create a temporary VLAN for a meeting, special project, etc., you could do so using a NAC GUI rather than having to configure and cable switches and PCs.

LAN Access for Guests/Visitors

NAC can also be used to give company guests or visitors access to network resources and the internet. Policies can be created to grant access to certain network resources. Policies can be created on a per-port basis, so depending on which port the visitor connects to, they will only have access to the resources allowed in that port's policy. Policies can also be created that deny all access to any unknown device and trigger alerts when an unknown device connects to a port. You could also set up a policy to deny access to any unknown device, except in certain areas such as a meeting room or lobby.
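
The admission rules described under "Control Access To Your Network" and in this section can be combined into a single decision function. The sketch below is an added example, not code from any NAC product: the MAC addresses, port names, roles, and resource names are constructed, and it assumes the anti-virus requirement applies to every device except roles that cannot run it.

```python
from dataclasses import dataclass

# Constructed sample policy data; every name and value here is hypothetical.
KNOWN_DEVICES = {                       # MAC -> role of a registered device
    "00:11:22:33:44:55": "staff",
    "66:77:88:99:aa:bb": "printer",
}
ROLE_RESOURCES = {                      # role -> resources that role may reach
    "staff": {"internet", "file-server", "printers"},
    "printer": {"print-server"},
    "guest": {"internet"},
}
GUEST_PORTS = {"sw1/12": "lobby", "sw2/3": "meeting-room"}  # visitor areas
POSTURE_EXEMPT = {"printer"}            # assumption: these roles cannot run anti-virus


@dataclass(frozen=True)
class Decision:
    action: str            # "allow" or "deny"
    resources: frozenset   # what the device may reach if allowed
    alert: bool            # notify the administrator?
    reason: str


def evaluate(mac: str, port: str, antivirus_installed: bool) -> Decision:
    """Decide what a device may do when it first connects to a switch port."""
    role = KNOWN_DEVICES.get(mac.lower())
    if role is None:
        if port not in GUEST_PORTS:
            # Unknown device outside a visitor area: no access, raise an alert.
            return Decision("deny", frozenset(), True, "unknown device on non-guest port")
        role = "guest"     # unknown device in the lobby or a meeting room
    if role not in POSTURE_EXEMPT and not antivirus_installed:
        # The policy requirement is not met, so the device reaches nothing.
        return Decision("deny", frozenset(), False, "anti-virus requirement not met")
    return Decision("allow", frozenset(ROLE_RESOURCES[role]), False, f"{role} policy applied")


if __name__ == "__main__":
    # Constructed connect events: (MAC, switch port, anti-virus present)
    events = [
        ("00:11:22:33:44:55", "sw3/7", True),
        ("de:ad:be:ef:00:01", "sw3/7", True),
        ("de:ad:be:ef:00:01", "sw1/12", True),
        ("de:ad:be:ef:00:01", "sw1/12", False),
    ]
    for mac, port, av in events:
        print(mac, port, evaluate(mac, port, av))
```

Note that the guest branch still runs the anti-virus check, which is what stops the unprotected visitor machine from the earlier scenario.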

Switch Management

NAC application GUIs make it easy to configure your switches even for the most inexperienced users. And for experienced users, NAC application GUIs can really cut down the time required to configure and manage your switches.