Network Admission Control
From Wikipedia, the free encyclopedia
Network Admission Control (NAC) refers to restricting access to the network based on identity or security posture. When a network device (switch, router, access point, DHCP server, etc.) is configured for NAC, it can force user or machine authentication prior to granting access to the network. In addition, guest access can be granted to a quarantine area for remediation of any problems that may have caused authentication failure. This is enforced through an inline custom network device, changes to an existing switch or router, or a restricted DHCP class. A typical (non-free) WiFi connection is a form of NAC. The user must present some sort of credentials (or a credit card) before being granted access to the network.
Posture assessment
Besides user authentication, authorization in NAC can be based upon compliance checking. This posture assessment is the evaluation of system security based on the applications and settings that a particular system is using. These might include Windows registry settings or the presence of security agents such as anti-virus software or a personal firewall. NAC products differ in their checking mechanisms:[1]
- 802.1X Extensible Authentication Protocol
- Microsoft Windows Administrator access - login credentials
- Cisco NAC Appliance L2 switch or L3 authentication
- Pre-installed security agent
- Web-based security agent
- Network packet signatures or anomalies
- External network vulnerability scanner
- External database of known systems
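
The admission decision described above, as an added example that is not part of the original article or any vendor's code: authentication and a posture report are combined, and any failure places the endpoint in the quarantine area with the reasons to remediate. The setting names, VLAN labels and sample endpoints are assumptions constructed for illustration.

```python
"""Admission decision combining authentication and posture (constructed example)."""

# Hypothetical policy: setting names and VLAN labels are assumptions for this
# example, not taken from any NAC product.
REQUIRED_POSTURE = {
    "antivirus_running": True,   # security agent present and running
    "firewall_enabled": True,    # personal firewall switched on
    "autorun_disabled": True,    # stands in for a Windows registry setting
}
ACCESS_VLAN = "production"
QUARANTINE_VLAN = "quarantine"


def assess_posture(report):
    """Return the list of failed checks; an empty list means compliant.

    Fails closed: a missing report, a missing key, or a value of the wrong
    type (for example the string "yes") counts as a failure, not a pass.
    """
    if not isinstance(report, dict):
        return ["no posture report received"]
    failures = []
    for setting, expected in REQUIRED_POSTURE.items():
        if setting not in report:
            failures.append(f"{setting}: not reported")
        elif report[setting] is not expected:
            failures.append(f"{setting}: expected {expected!r}, got {report[setting]!r}")
    return failures


def admit(authenticated, report):
    """Decide network placement; returns (vlan, reasons_to_remediate)."""
    reasons = [] if authenticated else ["authentication failed"]
    reasons += assess_posture(report)
    return (QUARANTINE_VLAN if reasons else ACCESS_VLAN), reasons


if __name__ == "__main__":
    ok = {"antivirus_running": True, "firewall_enabled": True, "autorun_disabled": True}
    # Constructed sample endpoints: (authenticated, posture report).
    samples = {
        "compliant laptop": (True, ok),
        "firewall off": (True, {**ok, "firewall_enabled": False}),
        "agentless guest": (False, None),
    }
    for name, (auth, report) in samples.items():
        print(name, "->", admit(auth, report))
```
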
References
- [1] Secure Access Central, "What You Should Know About Network Admission Control". Accessed August 8, 2006.
External links
- Out-of-band Network Access Control - Bradford Networks
- Network Admission Control - Cisco Systems
- Network Admission Control - ConSentry Networks
- Clientless Network Access Control - ForeScout Technologies
- Network Access Control - Lockdown Networks
- Network Access Manager-Plus - NeoAccel
- Secure Network Access Solution - Nortel Networks