Network Access Control / NAC

Network Access Control / NAC control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do.

When a device connects to a computer network, it is not permitted to access anything unless it complies with a business defined policy, including anti-virus protection level, system update level and configuration. Once the policy is met, the computer is able to access network resources and the Internet, with the policies defined in the NAC system.

In addition to these functions, NAC restricts the data that each user can access, as well as implementing anti-threat applications such as firewalls, antivirus software and spyware-detection programs. NAC also regulates and restricts the things individual subscribers can do once they are connected.

Main Goals of Network Access Control / NAC

-- mitigation of non-zero-day attacks
-- Usage policy enforcement
-- Identity and Access management

Network Access Control / NAC Features

-- can keep endpoints up to date continuously
-- detect infected endpoint before it can join the network and affect other machines
-- efficient and simple guests management
-- multiple enforcement methods including role-based access control(RBAC)
-- compliance checks for computers present on your network
-- integration with various vulnerability scanners and intrusion detection solutions
-- bandwidth accounting for all devices
-- supports Out-of-band and Inline deployment
-- automatically register a client or device
-- flexible Authentication (works with Microsoft Active Directory, RADIUS, OpenLDAP etc.)
-- High-Availability features

A Network Access Control / NAC solution implementation can be challenging, but when used correctly, it's a very effective tool in any defense-in-depth strategy.