Network-Access-Control smartly simple – achievement without effort
The subject of Network Access Control (NAC) to provide protection from unauthorised, unsecured devices or internal aggressive access attempts is very prevalent in today’s enterprise. It has also suddenly become a major area of concern and discussion for senior management. But why? And why now – after so many years of Network Ports being open to attack – and bearing in mind that there are already so many products on the market?
The main reason for the increase in demand of optimized NAC solutions is not only the increased threat of industrial espionage but also the increasing number of allowable devices in otherwise secure environments. Employees generally expect their workplace of the future to allow the use of their own smartphone, laptop, ultrabook or other such devices. Many companies have displayed a reticence in allowing access to these “unknown” devices, through company policies – but, more and more, these rules are being relaxed. Coupled with this is the alarming fact that many devices are able to connect to so-called “allocators”, such as access points that are easily configured by the user – without the IT department even noticing it! The fact remains that employees using such devices have no concept of the inherent dangers of connecting unsecured devices to a secured network. The majority of the devices have not been designed with security in mind and are, therefore, not suited to the security measures required for corporate use – and that makes them exceptionally difficult to manage centrally. The acceptance of even a solitary unsecured device paves the way for others if a parallel instance of control is not implemented. .This is called Network Access Control.
Another reason for the sudden rise of NAC is the emergence of more mature, functioning solutions. Until recently, most of the solutions on offer were based on technologies and strategies which did not operate satisfactorily. At the time, appliances had to be distributed across the whole network to block the traffic from unwanted systems andsoftware had to be installed on all endpoints to ensure the communication exclusively with the company’s own devices – otherwise, the complete infrastructure had to be expensively homogenized with one vendor. The overall expense and inherent costs of such implementations led, almost inevitably, to the failure of the intent behind the project – and also gave rise to a lot of negativity around the whole subject of NAC.
Things have changed!
The integration of new technologies and old, but matured technologies, today allows the establishment of a central security authority for the control of all devices in LAN and WLAN. This can be achieved without the need to adjust the existing network – or to invest heavily – or to have to apply much effort for implementation. However, it is essential to start thinking now about the requirements for the future solution, in advance. The expectations should be based mainly on three things: “Security, Comfort and Overview”:
A NAC solution can be defined as the core element of the network; through the control of all network entry points and through the use of future-proof technologies such as. 802.1X, SNMP or Active Directory. Security should be provided as a centrally managed instance of access permissions for standard, new, unqualified, private, secure, insecure and guest devices. In this way, the solution provides an automated method of providing a network designated per individual device. In principle, the techniques used must cover the entire network – without exception and regardless of the existing network infrastructure – covering and acting independently of the plethora of operating systems used by any of the endpoints. As an addition, tremendous benefits can be achieved, if the NAC security solution can be integrated with other existing or planned security products.
As with any good interfacing Solution, the implementation and maintenance of its core elements should be as straightforward as possible, so that it does not become a burden to the level of security required. This means that the selected NAC solution should not be overly-complex and should fit into a normal daily workflow. For example; a dynamic VLAN management for company devices should also provide simple and reliable access for guests and other visitors (such as service providers) as an absolute basic requirement. The operation of a network of any size can be a considerable daily effort and a central component such as NAC can and should reduce both operating resource and relative expense.
The control of all dynamic network entry points from a central location should also provide, present and make available as much information as possible, in a user-friendly format. This includes; graphical representations and “at-a-glance” maps of the entire network topology, an overview and “drill-down” statistics of the current and last operated devices with details such as the location of the last sighting, etc. It should also contain displays and listings of free or multiple use ports. Through these provisions, network transparency in itself increases enormously and each device, port and resource can be found conveniently – at the press of a button.
– All these requirements can be met through products that are available today. The NAC solution macmon offers, is a robust structure, expected of legacy and mature systems and combines them with new technologies in an intuitive interface for any user. macmon operates from a central location with a central server and covers the entire network, irrespective of physical locations. New devices are immediately recognized and treated on the basis of their individual attributes, with flexible rules. Depending on the nature of your own network, various methods and technologies can be used and mixed within integrated operations – and adjustments to your current infrastructure are simply not necessary. Initial costs are drastically reduced through a straightforward implementation which takes one or two days (depending on your network size). The added value of integrating the macmon NAC solution within an existing infrastructure based on the mentioned requirements, really does speak for itself!
Christian Bücker, CEO, macmon secure gmbh
For more information about macmon, visit our vendor page – click here