
What is Network Access Control?

Network Access Control, commonly referred to as NAC, consolidates all endpoint security to provide networks with a secure and reliable level of controlled access.

As a network management tool, NAC ensures that organisational security policies are effectively and consistently enforced across diverse infrastructures. It secures organisational networks by granting access to permitted networks only to authenticated, verified and trusted endpoint devices, such as laptops, mobiles, PCs, servers and workstations. By utilising NAC solutions, organisations can strengthen and protect their networks, making them less vulnerable to data loss or malicious cyber-attacks.

NAC is an area of computer security which is constantly evolving alongside the changing internal and external threats organisations face. As a result, NAC implementation will vary depending on an organisation’s existing security measures and overall risk appetite.

We have outlined a few key aspects and benefits of NAC solutions below:

Pre-admission control:

Focusing on proactive control, pre-admission control assesses each endpoint device for security policy compliance before allowing it access to the network. Failure to meet the policy requirements could be due to an out-of-date firewall, or something more sinister such as malware.

Role-based access control:

Companies of all sizes are likely to have multiple separate departments and seniority levels across their organisational hierarchy. Role-based control ensures that only authorised persons, who have the approved credentials, can access certain areas of the network suitable for their job function.

Role-based control provides each network user with the best possible experience, taking into account both the security controls in place and the user's intended purpose. This means that your guests, contractors and third-party suppliers, as well as your permanent employees, have access to the right areas of the network without compromising security or their productivity.

Device detection:

To be able to enforce consistent policies across the network, organisations must first understand what devices are connected to their network. Each device, whether it is corporate-issued or personally owned, is a potential access point for malicious activity. As the number of internet-connected devices grows, the ability to catalogue and, if necessary, quarantine devices which violate policy is vital.

Network separation:

As mentioned above, it is increasingly common for employees to connect their personal internet-connected devices to a corporate network. Unfortunately, many consumer-level IoT devices do not have appropriate levels of built-in security, which can leave organisations vulnerable to exploits. A separate virtual local area network (VLAN) is another NAC solution which ensures only approved devices have access to your primary network. This separation of networks is also used when reviewing quarantined devices and remediating access issues.

Post-admission control:

While pre-admission control looks at preventing access to the network for non-compliant devices, post-admission control is an additional safeguard which polices devices which already have access to the network. Acting as an internal firewall, post-admission control is a form of ongoing security maintenance, whereby any device which attempts to access resources outside of its permissions is blocked. This is particularly useful when considering viruses or worms which are easily spread through seemingly innocuous email attachments or links sent to employees.

A successful NAC solution should support the balancing of security and usability. Employee productivity or external relationships should not be hampered by overzealous or restrictive policies.

By having full visibility into who has access to the network and why, organisations can help manage and control their security levels. Additionally, by logging when a network is accessed, an audit trail can be established, supporting the isolation and further investigation of identified malicious network traffic.
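The controls outlined above can be read as one decision flow. The sketch below is an added example, not code from any NAC product: it combines the pre-admission posture check, role-based VLAN assignment, quarantine, a post-admission resource check and an audit trail. The VLAN numbers, role names, resource names and endpoint fields are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# VLAN numbers, role names and resource names are constructed for illustration.
QUARANTINE_VLAN, GUEST_VLAN = 999, 300
ROLE_VLANS = {"employee": 100, "finance": 110, "contractor": 200}
VLAN_RESOURCES = {
    100: {"intranet", "email"},
    110: {"intranet", "email", "ledger"},
    200: {"intranet"},
    GUEST_VLAN: {"internet"},
    QUARANTINE_VLAN: {"remediation"},
}
AUDIT_LOG = []  # in-memory audit trail of every admission and access decision

@dataclass
class Endpoint:
    mac: str
    user: str
    role: str
    authenticated: bool
    firewall_current: bool
    malware_detected: bool
    corporate_owned: bool

def _audit(event, **fields):
    AUDIT_LOG.append({"time": datetime.now(timezone.utc).isoformat(), "event": event, **fields})

def admit(ep):
    """Pre-admission: return (action, vlan, reasons) before the device gets any access."""
    failures = [msg for bad, msg in ((not ep.firewall_current, "firewall out of date"),
                                     (ep.malware_detected, "malware detected")) if bad]
    if not ep.authenticated:
        decision = ("deny", None, ["authentication failed"])
    elif failures:
        decision = ("quarantine", QUARANTINE_VLAN, failures)  # isolated for remediation
    elif not ep.corporate_owned or ep.role not in ROLE_VLANS:
        decision = ("allow", GUEST_VLAN, ["personal device or unmapped role"])
    else:
        decision = ("allow", ROLE_VLANS[ep.role], [])  # role-based segment
    _audit("admission", mac=ep.mac, user=ep.user, action=decision[0], vlan=decision[1])
    return decision

def permit(vlan, resource):
    """Post-admission: block requests outside what the assigned VLAN may reach."""
    allowed = resource in VLAN_RESOURCES.get(vlan, set())
    _audit("access", vlan=vlan, resource=resource, allowed=allowed)
    return allowed
```

Denied and blocked decisions are logged as well as allowed ones, which is what makes the audit trail useful for isolating and investigating a misbehaving device.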

If you are interested in finding out more about common network vulnerabilities and recent exploits, listen to our webinar – ‘Avoiding disaster with Advanced Network Control’ – now available as a recording.