Why Network Access Control Risk is Failing Security Professionals
Written by Paul Campaniello on November 15, 2017
Current best practices recommend a laundry list of security technologies: VPNs, VLANs, NAC, Next Generation Firewalls, Privileged Access Management (PAM) solutions, and so on.
But too much technology results in ‘spend in depth’, and not necessarily improved security. And if you’re still using the same principles you were using ten or twenty years ago, you might have the strongest network perimeter in the world, but no ability to respond to internal threats.
Today, let’s consider network access control (NAC).
Network access control (NAC) is a method of bolstering network security by restricting the availability of network resources to endpoint devices that comply with a defined security policy. A traditional network access control server performs authentication and authorization functions for potential users by verifying client device profiles (such as the presence of antivirus software and spyware-detection programs) before permitting access to the network.
Through a combination of client agents and network server components, NAC systems enforce policies about which network segments users can access. NAC (which often follows the 802.1X protocol) uses client profile and authentication information to make these policy decisions. Based on these policy decisions, the NAC permits access to network segments or VLANs. NAC systems may also require or perform remediation actions on non-compliant devices (such as enabling a client firewall).
NACs do incorporate some (limited) client profile information to make network access decisions, and can (in some ways) remediate non-compliant clients. And they integrate into existing network infrastructure components such as VLANs.
Why NAC Solutions Fall Short
Ultimately though, NAC solutions fall short for several reasons:
Check out our eBook on why NAC is failing security professionals.