How to protect a network with Network Access Control
Network Access Control protects networks from unauthorized access and damage. NAC works in the background before access and after access.
What is Network Access Control?
Network Access Control, also known as NAC, is a tool that protects private networks and prevents unauthorized access from external devices that do not meet the security policies. NAC solutions perform two important tasks to achieve this.
Network Access Control has a complete overview of the devices which are connected to a network. The type of device does not matter, which means computers, smartphones, printers, scanners or any object associated with the Internet of Things are included. The goal is to prohibit third-party systems from accessing the internal network through Wi-Fi or other means. This type of Network Access Control is called pre-admission NAC and it aims to maintain the security architecture.
The compliance feature checks devices which are already within the network and identifies possible problem sources or security leaks as early as possible. For example, the Network Access Control checks the firewall status and the antivirus program to ensure that only up-to-date devices are in the network. This feature is part of the post-admission NAC and it monitors specific areas within a network.
How does Network Access Control work?
There are several different NAC systems, and they differ in their details, but the basic way they work is similar. A company’s security team or the person responsible for a network establishes mandatory rules for all devices in the network. Network Access Control reviews and categorizes new devices. Access to the network is granted or denied based on whether the device meets the security criteria. A device with access is given specific permissions and is audited regularly. This maintains the network’s security.
Why is Network Access Control important?
Although NAC is not suitable for every network, it is important for companies and larger networks. The technology provides a complete overview of every device in the network and prevents unauthorized persons from gaining access. Network Access Control helps create and maintain all relevant security policies. It also allows rights and roles to be assigned. If a device on the network is not operating in compliance with the policy, it can be quarantined and reactivated once the errors have been corrected.
What are the functions of Network Access Control?
Network Access Control uses several methods and features to protect a network before access and after access. The most common technologies include:
Security policies for NAC
Every network should have stringent security policies for all devices and application scenarios, but different prerequisites and authorizations should be taken into account. NAC solutions allow you to choose these policies in advance and adjust them as needed after the network has been set up. Based on the policies defined, devices are controlled before and during access.
Profiling for NAC
During profiling, Network Access Control scans all devices, checks their properties and compares their IP addresses. This ensures that all devices in the network can be detected and scanned for security breaches.
Sensors for Network Access Control
Even devices which are authorized can cause damage to a network by intentionally or unintentionally violating the internal rules. Sensors work as software components or directly on access points. Sensors monitor the data traffic within a network or specific sub-areas in real time and prevent violations.
Network Access Control agents
Network Access Control agents are software installed on end devices. These agents communicate with a central NAC hub and grant the end devices access to the network. The advantage of this method is that only previously selected and authorized devices are granted access. The disadvantage is that each device must have an agent. This can be very time-consuming, especially for very large networks. Microsoft and Cisco offer a trust agent for the NAC variant Network Admission Control.
Temporary agents are also an option. Temporary agents do not have to be permanently installed and they are automatically deleted when the system is restarted. These are usually loaded in a browser, and the subscriber’s express consent is required. This intermediate solution is suitable for temporary, one-time or sporadic access to a network. However, other methods of Network Access Control are more practical for long-term use.
VLAN solutions for NAC
Many NAC tools use Virtual Local Area Networks to create subareas which only certain devices can access. This allows sensitive areas to be separated from public or largely public segments.
LDAP directories for grouping
With LDAP directories, Network Access Control creates groups for dividing users. Each group receives certain rights and access to certain parts of the network or all areas. This also makes it possible to give access to individuals rather than the end device.
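The admission decision, the regular audit with quarantine and reactivation, and the mapping of LDAP groups to VLANs described above can be sketched as follows. This is an added example, not code from any NAC product; the VLAN numbers, group names, the seven-day antivirus threshold and all function names are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical policy values; a real deployment defines its own.
GROUP_VLANS = {"staff": 10, "guests": 20}  # LDAP group -> VLAN
QUARANTINE_VLAN = 999
MAX_AV_AGE_DAYS = 7

@dataclass
class Device:
    mac: str
    group: Optional[str]   # LDAP group of the user, None if not authenticated
    firewall_on: bool
    av_age_days: int       # age of the antivirus signatures

def compliance_failures(dev):
    checks = [(dev.firewall_on, "firewall disabled"),
              (dev.av_age_days <= MAX_AV_AGE_DAYS, "antivirus out of date")]
    return [reason for ok, reason in checks if not ok]

def admit(dev):
    """Pre-admission check: returns (decision, vlan, reasons)."""
    if dev.group not in GROUP_VLANS:
        return ("deny", None, ["no authorized group"])
    failures = compliance_failures(dev)
    if failures:
        return ("quarantine", QUARANTINE_VLAN, failures)
    return ("allow", GROUP_VLANS[dev.group], [])

def audit(sessions):
    """Post-admission check: re-evaluate admitted devices, report VLAN changes."""
    changes = {}
    for mac, (dev, vlan) in list(sessions.items()):
        decision, new_vlan, _ = admit(dev)
        if new_vlan == vlan:
            continue
        changes[mac] = (decision, new_vlan)
        if decision == "deny":
            del sessions[mac]          # group membership revoked: disconnect
        else:
            sessions[mac] = (dev, new_vlan)
    return changes

if __name__ == "__main__":
    laptop = Device("aa:bb:cc:00:00:01", "staff", True, 2)  # constructed sample
    sessions = {laptop.mac: (laptop, admit(laptop)[1])}
    laptop.av_age_days = 30            # signatures go stale after admission
    print(audit(sessions))             # moved to the quarantine VLAN
    laptop.av_age_days = 0             # error corrected
    print(audit(sessions))             # reactivated on the staff VLAN
```
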
What are application scenarios for Network Access Control?
There are several application scenarios for Network Access Control. Not every solution is suitable for every purpose. The following application scenarios are most common:
Bring Your Own Device
Bring Your Own Device or BYOD is a practice used by most networks. Simply put, BYOD means that people can dial into a network with their own end device. This can be a smartphone in the office or their own laptop in the university’s network. However, so many different devices can pose great challenges for the infrastructure and security. Network Access Control is actually critical to protecting sensitive data from malware and maintaining an overview.
Guest access to systems
Guests or people from outside a company may also need access to a system. This may only take place sporadically or just once, but a good connection and security policies are also particularly important here. This is another reason why a well-planned Network Access Control is crucial.
Internet of Things
More and more devices can gain access to a network through the Internet of Things. These devices are not always kept up to date or checked regularly. A good NAC strategy ensures that these devices do not open a gateway for unauthorized persons.
Network Access Control in healthcare
Security is a top priority in the healthcare sector. Devices must function properly, and data must be protected at all costs. It is important that the network has no weak points. The right Network Access Control is therefore also of great importance here.