With network access control, networks can be protected against unauthorized access and damage. NAC works before and after access.
What is network access control?
Network access control, also known as Network Admission Control (NAC), is used to protect private networks from unauthorized access by external devices that do not adhere to certain clearly defined security policies. Network access control solutions fulfill two main roles:
NAC pre-admission check
Network access control provides a comprehensive overview of all devices connected to a given network. The type of device does not matter: computers, smartphones, printers, scanners and Internet of Things (IoT) devices are all taken into account. The objective of this approach is to prevent foreign systems from accessing the internal network via Wi-Fi or other means and thus to maintain the security architecture. This type of network access control is called NAC pre-admission.
NAC post-admission check
The compliance feature allows you to control devices that are already in the network and to identify any sources of security problems or leaks as soon as possible. Network access control makes it possible, for example, to check the status of a firewall or antivirus and thus ensure that only up-to-date devices are on the network. This function is part of post-admission NAC, which monitors certain areas within a network.
How does network access control work?
There are many different NAC systems, and the details of how they operate vary. Generally, however, network access control works in a similar way. A company’s security team or the person responsible for a network begins by setting rules that are mandatory for all participating devices. Network access control then makes it possible to check and categorize new devices. Access to the network is authorized or prohibited depending on the security rules defined in advance. A device that has been granted access receives certain rights and continues to be monitored. Network protection is thus preserved.
Why is network access control important?
Granted, NAC isn’t suitable for every network, but it’s worth using, especially for businesses or large networks. This technique gives you a complete view of all devices that are in a network and prevents unauthorized people from easily accessing them. Network access control helps create and maintain all relevant security policies for the network. It also allows you to distribute rights and roles. Devices that are already on the network, but are not currently operating according to policies, can be quarantined and reactivated once the faults are corrected.
What are the functions of network access control?
There are many different methods and functions used by network access control to best protect a network before or after access. The most common technologies are:
Security Policy for NAC
Every network needs well-defined and adjusted security rules, which are binding for all devices and application cases, but which also take into account different conditions and authorizations. NAC solutions therefore allow you to define these rules in advance and adapt them if necessary after setting up the network. The parameters thus defined make it possible to control the devices before and during access.
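The pre-admission and post-admission roles, the rule-based decision flow and the quarantine-and-reinstate behaviour described above can be made concrete with a small policy engine. The following Python is an added example written for this article, not code from any NAC vendor; the posture attributes (`registered`, `firewall_on`, `av_signature_age_days`, `os_patch_level`) and the thresholds in `Policy` are constructed stand-ins for what a real agent or sensor would report.

```python
"""Illustrative NAC policy engine (constructed example, not vendor code).

Models the two roles of network access control:
  * pre-admission: a new device is checked against the rules before it is
    allowed onto the production network;
  * post-admission: admitted devices are re-checked on every posture report,
    quarantined as soon as they fall out of compliance, and reinstated once
    the fault is corrected.
The posture fields and thresholds below are hypothetical values chosen for
the example.
"""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"            # full access to the production network
    RESTRICTED = "restricted"  # agentless device: isolated segment, no posture check possible
    QUARANTINE = "quarantine"  # remediation segment only, until violations are fixed
    DENY = "deny"              # no access at all


@dataclass
class Device:
    mac: str
    kind: str                  # laptop, phone, printer, iot ...
    registered: bool           # known in the inventory / directory
    firewall_on: bool
    av_signature_age_days: int
    os_patch_level: int


@dataclass
class Policy:
    """Rules set in advance by the security team (constructed thresholds)."""
    max_av_signature_age_days: int = 7
    min_os_patch_level: int = 10
    # device classes that cannot run an agent and so cannot report posture
    agentless_kinds: frozenset = frozenset({"printer", "iot"})


def evaluate(dev: Device, pol: Policy) -> tuple[Decision, list[str]]:
    """Apply the policy to one device; return the decision and the violations found."""
    if not dev.registered:
        return Decision.DENY, ["device not registered in inventory"]
    if dev.kind in pol.agentless_kinds:
        return Decision.RESTRICTED, ["agentless device: isolated segment only"]
    violations = []
    if not dev.firewall_on:
        violations.append("host firewall disabled")
    if dev.av_signature_age_days > pol.max_av_signature_age_days:
        violations.append("antivirus signatures out of date")
    if dev.os_patch_level < pol.min_os_patch_level:
        violations.append("OS patch level below policy")
    return (Decision.QUARANTINE if violations else Decision.ALLOW), violations


class NacController:
    """Tracks the current decision per device across pre- and post-admission."""

    def __init__(self, policy: Policy):
        self.policy = policy
        self.state: dict[str, Decision] = {}   # mac -> last decision

    def admit(self, dev: Device) -> tuple[Decision, list[str]]:
        """Pre-admission check for a device that has just appeared."""
        decision, reasons = evaluate(dev, self.policy)
        self.state[dev.mac] = decision
        return decision, reasons

    def reassess(self, dev: Device) -> tuple[Decision, list[str]]:
        """Post-admission check, run on every new posture report.

        A device that was never admitted (or was denied) stays denied; an
        admitted device moves to quarantine when it breaks a rule and back to
        ALLOW once the rule is satisfied again.
        """
        if self.state.get(dev.mac, Decision.DENY) is Decision.DENY:
            return Decision.DENY, ["device never admitted"]
        decision, reasons = evaluate(dev, self.policy)
        self.state[dev.mac] = decision
        return decision, reasons


if __name__ == "__main__":
    ctrl = NacController(Policy())
    laptop = Device("aa:bb:cc:dd:ee:01", "laptop", True, True, 1, 12)  # constructed
    print("admit:", ctrl.admit(laptop))
    laptop.firewall_on = False
    print("reassess (firewall off):", ctrl.reassess(laptop))
    laptop.firewall_on = True
    print("reassess (fixed):", ctrl.reassess(laptop))
```

The same `evaluate` function serves both roles; what differs is when it runs and what state it updates, which mirrors the distinction the article draws between pre-admission and post-admission NAC. Printers and IoT devices, which cannot carry an agent, are admitted only to an isolated segment rather than being trusted by default.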
Profiling in the NAC domain
During profiling, Network Access Control scans all devices, checks their properties and compares, for example, their IP addresses. This means that all devices on the network can be captured and examined from a security perspective.
Sensors for network access control
Even devices that are in principle authorized and validated can cause damage within a network or violate internal rules, intentionally or unintentionally. Sensors, which operate either as software components or directly on access points, monitor all data traffic within a network or parts of it in real time and can block access or stop a device in the event of an infraction.
Agents for network access control
In network access control, agents are in most cases software installed on endpoints. These agents communicate with a central NAC contact point which grants them access to the network. The advantage of this method is that only previously selected and authorized devices have access. The disadvantage is that each device must be equipped with such an agent. This can be very complicated and time-consuming, especially for very large networks. For example, alongside Microsoft, Cisco offers a Trust Agent for its NAC variant.
An alternative is to use temporary agents that do not need to be installed permanently and are automatically removed during a reboot. They are generally loaded via the browser and require the explicit consent of the participant. This intermediate solution is suitable for temporary, single or sporadic access to a network. For permanent use, however, other methods of network access control are much more practical.
VLAN solutions for NAC
Many NAC tools create sub-areas via virtual local area networks (VLANs) that are only accessible to certain devices. It is thus possible to separate sensitive areas from public or widely accessible segments.
LDAP directories for better grouping
With LDAP directories, network access control creates groups into which users can be divided. Each of these groups receives certain rights and thus has access to parts of the network or to all areas. Thus, it is also possible to make access depend on the person rather than on the device.
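To show how VLAN segmentation and directory groups fit together, here is an added example written for this article (not the code of any NAC product). An inline dictionary stands in for an LDAP search of a user's `memberOf` attribute; the group DNs, VLAN numbers and segment names are constructed for the example. Access is decided per person, as the section describes, and any user whose group memberships do not map cleanly to a single segment lands in the guest VLAN rather than being granted a guessed level of access.

```python
"""Constructed example: person-based VLAN assignment from LDAP group membership.

A NAC VLAN solution carves the network into segments; an LDAP directory tells
the controller which groups a user belongs to. All names and numbers below
are made up for the example.
"""
GUEST_VLAN = 900  # constructed: isolated guest segment, captive portal only

# constructed mapping of directory group -> VLAN
GROUP_VLANS = {
    "cn=it-admins,ou=groups,dc=example,dc=com": 10,
    "cn=finance,ou=groups,dc=example,dc=com": 20,
    "cn=engineering,ou=groups,dc=example,dc=com": 30,
}

# constructed: which internal segments each VLAN may reach
VLAN_REACH = {
    10: {"finance-db", "build-servers", "mgmt"},
    20: {"finance-db"},
    30: {"build-servers"},
    900: {"captive-portal"},
}

# stand-in for the directory: user -> memberOf values (constructed)
DIRECTORY = {
    "alice": ["cn=finance,ou=groups,dc=example,dc=com"],
    "bob": ["cn=engineering,ou=groups,dc=example,dc=com",
            "cn=finance,ou=groups,dc=example,dc=com"],
    "carol": ["cn=it-admins,ou=groups,dc=example,dc=com"],
}


def lookup_groups(user: str) -> list[str]:
    """Stand-in for an LDAP search returning the user's memberOf attribute."""
    return DIRECTORY.get(user, [])


def assign_vlan(user: str) -> tuple[int, str]:
    """Map a person to a VLAN; fail closed (guest VLAN) when the mapping is unclear."""
    groups = lookup_groups(user)
    if not groups:
        return GUEST_VLAN, "no directory entry: guest segment"
    vlans = sorted({GROUP_VLANS[g] for g in groups if g in GROUP_VLANS})
    if not vlans:
        return GUEST_VLAN, "no group maps to a VLAN: guest segment"
    if len(vlans) > 1:
        # Conflicting memberships are not resolved by picking the broader one;
        # the user gets guest access until an administrator fixes the mapping.
        return GUEST_VLAN, "ambiguous group mapping: guest segment pending review"
    return vlans[0], f"group-based assignment to VLAN {vlans[0]}"


def can_reach(user: str, segment: str) -> bool:
    """True if the user's assigned VLAN is allowed to reach the named segment."""
    vlan, _ = assign_vlan(user)
    return segment in VLAN_REACH[vlan]


if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "mallory"):
        print(name, assign_vlan(name), "finance-db reachable:", can_reach(name, "finance-db"))
```

Because the decision keys on the user rather than the device, the same laptop yields a different VLAN depending on who authenticates on it, which is the point of pairing NAC with a directory.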
What are the application cases of network access control?
There are many application possibilities for network access control. Not all solutions are suitable or recommended based on the objectives. The following application cases are particularly common:
Bring Your Own Device (BYOD)
Bring Your Own Device is a practice that is now found on most networks. Simply put, BYOD means that users can connect to a network with their own device. This could be a smartphone or a personal laptop on the university network. The number of different devices, however, poses big challenges for infrastructure and security. In this context, network access control is indispensable to protect sensitive data, for example against malware, while maintaining an overview.
Guest access to systems
Guests or people outside the company may also need access to the existing system. Even if this only happens sporadically or even once, it is very important to find the right balance between a good connection and the necessary security aspects. This is also why well-thought-out network access control is necessary.
Internet of Things
With the Internet of Things (IoT), more and more devices have access to a network, but these devices are not always updated and controlled individually. With a good NAC strategy, you ensure that these devices do not provide a gateway for unauthorized individuals.
Network Access Control in Healthcare
In the healthcare industry, security is a top priority. The devices must function correctly and the data must be protected as well as possible, which means that the network must not have weak points. Proper network access control is therefore also very important in this area.