Network Access Control is becoming a keystone of modern networks because the digital world is witnessing many changes in the way users connect to networks. This includes enterprise networks, small office/home office (SOHO) networks, and even publicly open networks like hotspots. With the emergence of new phenomena like Bring Your Own Device (BYOD) and the growth of mobile devices used to access the network, Network Access Control (NAC) is at the heart of a secure network.

Securing the Network using Network Access Control

What Is Network Access Control (NAC) and Why Is It So Important?

Network Access Control (NAC), as the name implies, is a solution that controls access to the network. A long time ago, the set of client devices that needed to connect to the network was predetermined and static in nature. For instance, it was common to see an enterprise with hundreds or maybe thousands of fixed PCs, with a good probability that all those PCs were provided by the same vendor. Controlling such an environment was a piece of cake for most network administrators. This simple task used to be accomplished with a combination of access control lists (ACLs) and the Port Security features of the managed access switches.

But things started to change with the exponential growth of mobile device usage, and they started to go out of control for most network administrators. That is why administrators needed a dynamic solution that can scale regardless of the number and type of connected client devices. This was the very first and most basic function of Network Access Control (NAC): controlling WHO can access the network.

This Who functionality of NAC systems can be achieved by using the 802.1X feature in the access switches or in the wireless access points or controllers, together with the different Extensible Authentication Protocol (EAP) methods and identity database servers such as Active Directory servers.

Is This Function Enough for a Modern Network Access Control (NAC)?

Despite the importance of the Who functionality, NAC had to grow to include more advanced functions and features. For instance, a modern NAC should provide, in addition to the Who functionality, the What functionality, which indicates the type of the connected user/device. The Where functionality indicates the location of the user/device trying to connect: whether it is using a wired connection, a wireless connection, or a remote connection over one of the various VPN technologies. Finally, the When functionality helps administrators gain deep insight into the different activities running inside their networks.

What Type of Services and Features Should We Expect from a Modern Network Access Control (NAC)?

The list of services and features offered by Network Access Control (NAC) may differ depending on the vendor. However, in general, a modern NAC should have the following capabilities:

  • Extended Profile Support: Modern Network Access Control solutions should be able to identify users/devices (the Who functionality) by using extended information. This information can be obtained from the devices trying to connect. Such information can be a username, operating system, device type, MAC address, IP address, etc. By combining such information, the system can achieve very accurate identification of the user/device trying to connect, thus ensuring that the right profile is associated with the right authentication request.
  • Advanced Guest Management: Guests requesting access to enterprise networks are very common these days, and a traditional NAC can control guests so that they are totally isolated from the internal network resources. However, modern Network Access Control systems go a step further by allowing guests tightly controlled access to the required internal resources. According to the business requirements, this access can be monitored, so no resources are exposed except for the required ones. Any abnormal behavior from the guest clients can be detected and proper actions can be taken accordingly.
  • Agentless Operation: Traditional NAC systems used to depend on an agent. This agent had to be installed on the end devices to get the required information during the authentication phase and to get the feeds required to monitor the activities of the connected device/user. That model was not scalable, and modern NAC systems can achieve most of their functionality without installing any agents on the client devices. This way, the system can be more scalable and can cover a wider range of client devices, regardless of their type and operating system.

  • Advanced Policy Capabilities: Modern NAC solutions can build a contextual profile for each associated user, so they can control the activities of all the devices belonging to that particular user.

  • Support of Advanced Onboarding: As we mentioned earlier, one of the main motivations to implement NAC solutions is the Bring Your Own Device (BYOD) phenomenon. Modern NAC solutions can automate the onboarding of users' new devices (including their personal devices) by giving users the ability to provision their own devices through a portal offered by the NAC system. This way, a huge burden on the network administrators is eliminated.

  • Advanced Endpoint Compliance: The new BYOD model allows users to access the network with different and uncontrolled devices. This may open a security hole in the network defense systems, because a device may be infected by viruses or malware. Thus, checking the health of an endpoint before it is admitted to the network is a crucial task to avoid such scenarios. Such checks may require an agent to be installed on the endpoint (depending on the vendor) and can cover many aspects of the health of the device's operating system. For instance, the update status, installed patches, installed software, antivirus program status, and many other factors can be checked before admitting the device to the network.
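
The endpoint compliance check and the Who/What/Where/When context described above can be combined into a single admission decision. The following Python code is an added example, not code from any NAC product or from this article; the attribute names, posture facts and segment names are hypothetical, and the sample requests are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime

# Health facts every non-guest endpoint must report as True (hypothetical names).
REQUIRED_POSTURE = ("os_patched", "antivirus_running", "antivirus_updated")

@dataclass
class AccessRequest:
    username: str        # Who
    group: str           # Who: group from the identity database
    device_type: str     # What
    medium: str          # Where: "wired", "wireless" or "vpn"
    when: datetime       # When
    posture: dict = field(default_factory=dict)

def posture_failures(posture):
    """List failed health checks; a missing or non-True fact fails closed."""
    return [c for c in REQUIRED_POSTURE if posture.get(c) is not True]

def decide(req):
    """Return (segment, reasons); segment names are hypothetical."""
    if req.group == "guest":
        return "guest-restricted", ["guest account"]
    if req.group != "employee":
        return "deny", ["unknown identity group"]
    failures = posture_failures(req.posture)
    if failures:
        return "quarantine", failures   # remediate before admission
    if req.device_type == "personal-mobile":
        return "byod-limited", ["personal device"]
    return "corporate-full", []

def authorize(req):
    """Decide and build the audit record that gives the Who/What/Where/When view."""
    segment, reasons = decide(req)
    return {"who": req.username, "what": req.device_type, "where": req.medium,
            "when": req.when.isoformat(), "segment": segment, "reasons": reasons}

# Constructed sample requests.
NOW = datetime(2024, 1, 15, 9, 30)
HEALTHY = {"os_patched": True, "antivirus_running": True, "antivirus_updated": True}
SAMPLES = [
    AccessRequest("alice", "employee", "corporate-laptop", "wired", NOW, HEALTHY),
    AccessRequest("alice", "employee", "personal-mobile", "wireless", NOW, HEALTHY),
    AccessRequest("bob", "employee", "corporate-laptop", "vpn", NOW,
                  {"os_patched": True, "antivirus_running": True}),
    AccessRequest("visitor1", "guest", "personal-mobile", "wireless", NOW),
]
RESULTS = [authorize(r) for r in SAMPLES]
```

The third request omits `antivirus_updated`, so the endpoint is quarantined rather than admitted: an unreported health fact is treated the same as a failed one.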

Which Vendor Should You Choose for a Network Access Control (NAC) Solution?

Network Access Control systems offer vendors a promising market. Among many different competing vendors, Cisco Systems is one of our choices. We made this choice for many different reasons.

The primary reason is that Cisco Systems offers a highly advanced Network Access Control solution, Cisco Identity Services Engine (ISE), which has all of the above-mentioned features and much more. This solution offers its users highly flexible deployment options, including virtual machine-based and appliance-based deployments, to fit the needs of different customers. Cisco ISE can integrate with the rest of Cisco's products, including Cisco ASA Next-Generation Firewalls, to offer the market's most complete and robust security solution.

Contact us today so our agents can help you choose the suitable model and the appropriate licenses for your particular needs. Learn why you should buy Cisco from us and take a look at our Cisco Switch promotions, Cisco Routers Promotions, Cisco IP Phone Promotions, and Cisco Firewalls Promotions. Network Devices Inc. offers the best prices on new, sealed, original Cisco products and offers free shipping on all U.S. orders.
