Network Access Control (NAC)
a method for increasing security of a given network by inspecting devices as they try to connect to the network to determine if they’re secure enough to be granted access
NAC Process
Devices present themselves for inspection when connecting to a network
Inspection Process
Port Security:
protects physical network ports to block unauthorized access
can limit the number of devices allowed per port
supports allowing only specific MAC addresses
MAC Filtering
Restricts network access by checking each device's MAC address
Two main filtering methods: allow list, only listed MAC addresses can connect; block list, all devices can connect except those on the list
802.1X Authentication
Framework for authenticating devices before granting network access
uses EAP (Extensible Authentication Protocol) for secure and flexible authentication
ensures that only authenticated users/devices can access the network
Three components: supplicant - user device
authenticator - network device
authentication server - authenticates user device
NAC Implementations
NAC can work together with other security tools, such as port security to limit physical access, MAC filtering to allow only approved devices, and 802.1X authentication to verify users before granting access
types of security agents
persistent agent - a software tool installed on company-owned devices; continuously monitors and enforces security rules
non-persistent agent - used on personal or guest devices; typically appears as a web-based login when connecting
Advanced NAC Features
Time based access control
restricts or allows network access only during certain times or schedules
Location based access control
checks the physical location of a device before granting access
Rule based access control
decisions are made using custom rules defined by administrators