In the IT world, there are a lot of terms that are defined differently based upon who you talk to. Network Access Control or NAC, is one of the terms that if I polled 20 SecurEdge clients, most of them would have a different way to define NAC. The issue is that there are so many security products out there and there is so much discussion around the term, that the lines are blurred as to what it is and what a true NAC solution should do.
The reality is that currently, you can’t solve the NAC puzzle with just one product (regardless of what equipment providers tell you). You have to build a wireless network system and a wired network system that are integrated with security appliances that will give you the control and enforcement you need to feel comfortable.
But before we get into the details of the hardware and software and all of that, let’s just start with the basics of what we’re trying to accomplish.
What is NAC and what should it do?
Here are the three things a Network Access Control Solution should do:
- Validate Identity (and all of the other details) - Before you control the user and device, you need to know what and who it is. Your NAC system should understand these things:
- Who- Wo is this user and do they exist in directory services?
- What- What is this user trying to access?
- Where- Where are they? (Dorms, Administrative buildings, outside, etc.)
- When- What time of day are they connecting?
- How- How is this user connecting with? (iPad, iPhone, Laptop)
- Assign a Role - If you know everything about validating identity, now you need to assign a role with specific policies for that user or group of users. We call this Role Based Access Control. For example:
Student Role: this user can access the internal student shared drive, learning applications, and the internet.
Faculty/Staff Role: this user can access all internal resources, with the exception of the financial and HR servers; they can also access the internet of course.
Guest: This user can only access the internet and check email.
-
Policy Enforcement - this is also called “endpoint integrity” or “endpoint compliance” but the idea is that you are controlling the behaviors of the devices connecting to your network. This includes making sure that viruses aren’t being transmitted and the users are complying with your terms of use including internet content, etc.
So there you have it, those are the things that a true NAC solution should do on your wireless network. These solutions are pretty complex, So if you need some assistance, you can CONTACT US here for free help from one of our consultants. We will be happy to help! We’ve also got some free resources on our site that will help point you in the right direction.