Network Admission Control
The NAC solution applies security controls to users accessing the network to provide end-to-end security. Learn more about the capabilities of NAC and its applications.
What Are the Capabilities of NAC?
NAC provides the following capabilities:
Access users need to be authenticated, and only authorized users are allowed access to the campus network. This is a basic requirement for campus network security. Identity authentication for terminals, such as PCs on the campus network, needs to meet the following requirements:
- After a user with a secure terminal enters the correct user name and password, the user can be normally connected to the network.
- A user with an insecure terminal can only be connected to the network isolation domain and then connected to the network after terminal security is repaired.
- Unauthorized users are not allowed access to the network.
Users can be precisely matched based on the user identity, access time, access location, terminal type, terminal source, and access mode (5W1H for short) to control the resources available to users. The following explains 5W1H:
- Who is connected to the network (employees or guests)?
- Whose devices (enterprise devices or BYOD devices)?
- What devices (PCs or mobile phones) are used?
- When is the access initiated (during working hours or non-working hours)?
- Where is the access initiated (in the R&D area, in a non-R&D area, or at home)?
- How do devices access the network (through wired or wireless networks)?
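The following sketch is an added example, not code from the article or from any NAC product. It combines the three authentication outcomes listed earlier (normal access, isolation domain, no access) with 5W1H matching. The rule table, resource group names, and working hours are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Request:
    """One access attempt described by the 5W1H attributes plus posture."""
    authenticated: bool   # user name and password verified
    healthy: bool         # terminal passed the security check
    who: str              # "employee" | "guest"
    whose: str            # "enterprise" | "byod"
    what: str             # "pc" | "phone"
    when: time            # local time of the access attempt
    where: str            # "rd" | "non-rd" | "home"
    how: str              # "wired" | "wireless"

WORK_HOURS = (time(9, 0), time(18, 0))  # assumed working hours

# Constructed rule table: first match wins, None means "any value".
# (who, whose, what, working hours only?, where, how) -> resource group
RULES = [
    (("employee", "enterprise", "pc", True, "rd", "wired"), "rd-servers"),
    (("employee", None, None, None, None, None), "office-intranet"),
    (("guest", None, None, True, "non-rd", "wireless"), "internet-only"),
]

def in_work_hours(t: time) -> bool:
    return WORK_HOURS[0] <= t < WORK_HOURS[1]

def admit(req: Request) -> str:
    """Return the resource group (or "deny") for this access request."""
    if not req.authenticated:
        return "deny"                 # unauthorized users get no access
    if not req.healthy:
        return "isolation-domain"     # repair first, then re-evaluate
    for (who, whose, what, work_only, where, how), group in RULES:
        attrs = ((who, req.who), (whose, req.whose), (what, req.what),
                 (where, req.where), (how, req.how))
        if any(want is not None and want != got for want, got in attrs):
            continue                  # a pinned attribute does not match
        if work_only and not in_work_hours(req.when):
            continue                  # rule only applies in working hours
        return group
    return "deny"                     # default deny when no rule matches
```

Rule order matters here: the narrow R&D rule precedes the general employee rule, and a request that matches nothing falls through to deny rather than to a permissive default.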
Terminal Security Check and Control
The NAC solution checks the security of terminals to allow only secure and healthy terminals to connect to the network. Security check must meet the following requirements:
- Scans terminals before they are connected to the network to obtain their security status; for example, antivirus software installation, patch update, and password strength.
- Associates with the NAC device to block the terminals that do not pass security checks. This prevents damage to the service system and helps terminals complete automatic security issue repair.
- Denies network access of terminals whose security problems cannot be repaired in a timely manner.
System Repair and Upgrade
The NAC solution provides automatic and manual system repair and upgrade functions. It can automatically download and upgrade system patches, trigger antivirus database updates, and enforce security measures such as killing illegal or violating processes.
The Network Admission Control (NAC) solution can be applied to many network scenarios, such as enterprise campus network, bring your own device (BYOD), Internet of Things (IoT), and public Wi-Fi network scenarios.
Enterprise Campus Network
The NAC solution strictly differentiates network access rights of employees and non-employees based on user roles on an enterprise network.
To accommodate employees' interest in new technologies and personalization and to improve their work efficiency, many enterprises are considering allowing employees to connect to the intranet using their own smart devices (such as mobile phones, tablets, and laptops). This is called BYOD. Generally, no security terminal is installed on employees' own devices. Accessing the enterprise intranet through these devices may bring security risks. The NAC solution uses terminal type identification technology to automatically identify the types of devices that employees use to connect to the enterprise intranet. This enables authentication and authorization based on user information, device type, and device operating environment.
Most IoT devices do not support traditional authentication protocols or security certificates. The NAC solution automatically identifies IoT devices based on their electronic identity information (including the device version, vendor information, version number, product name, and terminal type), and completes network access authentication for the IoT devices based on the configured security policies.
Public Wi-Fi Network
Public Wi-Fi networks are widely used. Almost all cafes, shops, airports, hotels, and other public places provide public Wi-Fi access for their customers and guests. A completely open public Wi-Fi network has low security. This is because anyone can log in to the network without identity authentication. Therefore, exercise caution when connecting to the network. NAC provides WeChat authentication and SMS authentication. When a user accesses a public Wi-Fi network, the user can scan the QR code through WeChat or enter the mobile number on the web portal page to access the network using the real name.
For more, you can refer to What is Network Admission Control (NAC)?
Published at DZone with permission of CHUN ZOU. See the original article here.