- Definition of Network Access Control (NAC)
Network Access Control (NAC) is an approach to computer security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication and network security enforcement.
- Goals of NAC
▶ Authorization, Authentication and Accounting of network connections
▶ Encryption of traffic to the wireless and wired network using protocols for 802.1X such as EAP-TLS, EAP-PEAP or EAP-MSCHAP
▶ Role-based controls of user, device, application or security posture post authentication
▶ Automation with other tools to define network role
The main benefit of NAC solutions is to prevent end-stations that lack antivirus, patches, or host intrusion prevention software from accessing the network and placing other computers at risk of cross-contamination from viruses and other malware.
▶ Identity and access management
Where conventional IP networks enforce access policies in terms of IP addresses, NAC environments attempt to do so based on authenticated user identities or roles.
▶ Policy enforcement
NAC solutions allow network operators to define policies, such as the types of computers or roles of users allowed to access areas of the network, and enforce them in switches, routers, firewalls, IDS, load balancers and similar devices.
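The decision order these goals imply (identity first, then posture, then role), as an added example that is not from the original post or any vendor product. The role names, VLAN numbers and patch-age threshold are constructed assumptions; the returned attributes are the standard RADIUS tunnel attributes for dynamic VLAN assignment with 802.1X (RFC 3580).

```python
from dataclasses import dataclass
from typing import Optional

# Constructed policy values for illustration (assumptions, not vendor defaults).
ROLE_VLAN = {"employee": 10, "contractor": 20, "guest": 30}
QUARANTINE_VLAN = 999
MAX_PATCH_AGE_DAYS = 30

@dataclass
class Endpoint:
    user: Optional[str]      # None means authentication did not succeed
    role: Optional[str]      # role resolved from the authenticated identity
    antivirus_running: bool
    hips_running: bool       # host intrusion prevention
    patch_age_days: int

def posture_failures(ep):
    """Return the posture checks this endpoint fails."""
    failures = []
    if not ep.antivirus_running:
        failures.append("antivirus")
    if not ep.hips_running:
        failures.append("host-ips")
    if ep.patch_age_days > MAX_PATCH_AGE_DAYS:
        failures.append("patches")
    return failures

def vlan_attributes(vlan):
    """RADIUS attributes a switch or AP uses to place the port in a VLAN."""
    return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-ID": str(vlan)}

def decide(ep):
    """Policy keyed on identity, role and posture, never on IP address."""
    if ep.user is None or ep.role not in ROLE_VLAN:
        return {"action": "reject", "reason": "unauthenticated or unknown role"}
    failed = posture_failures(ep)
    if failed:  # authenticated but unhealthy: isolate for remediation
        return {"action": "quarantine", "reason": "failed: " + ", ".join(failed),
                "attributes": vlan_attributes(QUARANTINE_VLAN)}
    return {"action": "accept", "reason": "role " + ep.role,
            "attributes": vlan_attributes(ROLE_VLAN[ep.role])}

if __name__ == "__main__":
    # Constructed sample endpoints.
    for ep in (Endpoint("alice", "employee", True, True, 5),
               Endpoint("bob", "contractor", False, True, 45),
               Endpoint(None, None, True, True, 1)):
        print(ep.user, decide(ep))
```

The quarantine branch runs only after authentication succeeds, so an unauthenticated device never reaches the remediation VLAN.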
- NAC Vendors
▶ Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE) enables a dynamic and automated approach to policy enforcement that simplifies the delivery of highly secure network access control. ISE empowers software-defined access and automates network segmentation within IT and OT environments.
✓ ISE Base Package: ACS, NAC Guest Server + NAC Appliance & NAC Profiler
= ISE Advanced Package
✓ Appliances: ISE 3515/3595/3615/3655/3695 Hardware, ISE Virtual Machine
▶ ExtremeControl / ExtremeCloud A3
▷ ExtremeControl
https://www.extremenetworks.com/product/extremecontrol/
ExtremeControl is a complete standards-based, multi-vendor interoperable pre-connect and post-connect Network Access Control (NAC) solution for wired and wireless LAN and VPN users. ExtremeControl enables role-based access controls and in-depth reporting on user activity across all devices.
▷ ExtremeCloud A3
https://www.extremenetworks.com/product/extremecloud-a3/
ExtremeCloud A3 is an innovative Cloud-Managed Network Access Control (NAC) solution. It secures, manages, and controls all devices on your Access Network – from standard wireless and wired clients to IoT and BYOD.
▶ ForeScout CounterACT
Forescout CounterACT provides in-depth visibility using a combination of active and passive monitoring techniques to discover devices the instant they enter the network—without requiring agents. CounterACT classifies and assesses these devices and virtual instances, then continuously monitors them as they come and go from the network.
▶ HPE Aruba ClearPass
https://www.arubanetworks.com/products/security/network-access-control/
HPE Aruba ClearPass provides role- and device-based network access control for employees, students, contractors and guests across any multivendor wired, wireless and VPN infrastructure.