Making NAC work for your company
There are a number of different ways to implement NAC; solutions can be hardware or software based, standalone or integrated into the internal network infrastructure. How do businesses decide what is right for them? The appropriate solution for an organization depends primarily on its current network environment, so it is crucial to assess that environment fully before taking the plunge. Critical factors include how homogeneous the network is, what the main network access methods are, and, of course, the budget available. For example, for small to mid-sized businesses the most effective NAC solution is one that can assess the security level of an endpoint regardless of the specific security products in place, and that works seamlessly within the existing IT infrastructure.
When making their choices, enterprises should focus expenditure on the solutions and services that solve their biggest problems, choosing solutions that protect against vulnerabilities and provide a full security process rather than merely a product. As a rule, the best option for organizations looking to add NAC to their security suite is a solution that works with the existing network infrastructure and user management systems - and one that is truly vendor neutral. This will be the least disruptive to implement and will produce the best return on investment.
It is also imperative that a NAC solution provides comprehensive support for the organization's security strategies, as well as having the ability to create and manage new policies in the future. It should also be flexible enough to meet new business strategies as they inevitably arise. A final critical factor is that the solution offers capabilities beyond standard network-based enforcement, identifying and providing protection against all classes of users trying to gain access to the network - both known and unknown.
The complete NAC solution
An all-encompassing NAC solution will alert network administrators to the MAC and IP addresses of connecting devices, enabling them to take immediate action when an unauthorised endpoint computer connects to the network. Its reporting capabilities should extend to multiple reports covering rogue endpoints, exempt computers and any new information that may prove critical - delivered as events occur, in real time. The alerts should identify the rogue computer with pinpoint precision so that network administrators can simply and swiftly locate it on the network and take the appropriate action.
It is crucial that this constant monitoring does not interfere with normal network communications; for this reason, passive monitoring will provide the best results. Monitoring low-level ARP (Address Resolution Protocol), a network layer protocol used to convert an IP address into a physical address, allows all IP communications on the segment to be detected, without exception. This means that even if a canny user evades DHCP network-based enforcement (for example by assigning a static address), their computer still cannot communicate and spread infections throughout the network unnoticed, because it has to use ARP to reach any other host. By monitoring ARP, identifying which computers are attempting to make IP connections, and comparing each computer against the list of approved, compliant and registered computers, systems administrators have a watertight way of spotting a rogue computer making advances on the network, enabling them to act fast and effectively.
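The passive ARP check described above, as an added example that is not part of the original article or of any NAC product: it parses Ethernet frames carrying IPv4 ARP, compares the sender MAC against a registry of approved endpoints, and raises an alert carrying the MAC and IP address for any unregistered sender. It goes one step beyond the text by also flagging a registered MAC that appears with an IP other than its registered one, which is what a DHCP-evading static assignment looks like on the wire. The registry contents and the captured frames are constructed sample data, and `detect_rogues`/`build_arp_frame` are names chosen for this example.

```python
import struct
from dataclasses import dataclass

ETHERTYPE_ARP = 0x0806
ETHERTYPE_IPV4 = 0x0800
# RFC 826 ARP header for Ethernet/IPv4: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_HEADER = struct.Struct("!HHBBH6s4s6s4s")
ETH_HEADER_LEN = 14


@dataclass(frozen=True)
class ArpRecord:
    opcode: int        # 1 = request, 2 = reply
    sender_mac: str
    sender_ip: str
    target_ip: str


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_arp_frame(frame: bytes):
    """Return an ArpRecord for an Ethernet II frame carrying IPv4 ARP, else None.

    Passive: the function only reads bytes, it never sends anything."""
    if len(frame) < ETH_HEADER_LEN + ARP_HEADER.size:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = ARP_HEADER.unpack_from(frame, ETH_HEADER_LEN)
    if htype != 1 or ptype != ETHERTYPE_IPV4 or hlen != 6 or plen != 4:
        return None  # not Ethernet/IPv4 ARP; ignore
    return ArpRecord(oper, mac_str(sha), ip_str(spa), ip_str(tpa))


def detect_rogues(frames, registry):
    """Compare every ARP sender against the registry (MAC -> registered IP).

    Returns de-duplicated alerts as (kind, mac, ip) tuples, in first-seen order."""
    alerts = []
    for frame in frames:
        rec = parse_arp_frame(frame)
        if rec is None:
            continue
        if rec.sender_mac not in registry:
            alert = ("unregistered_endpoint", rec.sender_mac, rec.sender_ip)
        elif registry[rec.sender_mac] != rec.sender_ip:
            alert = ("address_mismatch", rec.sender_mac, rec.sender_ip)
        else:
            continue  # approved endpoint using its registered address
        if alert not in alerts:  # a rogue will ARP repeatedly; report it once
            alerts.append(alert)
    return alerts


def build_arp_frame(opcode, sender_mac, sender_ip, target_ip, target_mac="00:00:00:00:00:00"):
    """Construct a sample Ethernet/ARP frame (test input only, not captured traffic)."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    tha = bytes.fromhex(target_mac.replace(":", ""))
    spa = bytes(int(o) for o in sender_ip.split("."))
    tpa = bytes(int(o) for o in target_ip.split("."))
    dst = b"\xff" * 6 if opcode == 1 else tha  # requests are broadcast
    eth = dst + sha + struct.pack("!H", ETHERTYPE_ARP)
    return eth + ARP_HEADER.pack(1, ETHERTYPE_IPV4, 6, 4, opcode, sha, spa, tha, tpa)


# Constructed registry of approved, registered endpoints (sample values).
REGISTRY = {
    "00:11:22:33:44:55": "10.0.0.10",
    "00:11:22:33:44:66": "10.0.0.11",
}

# Constructed "capture": two approved hosts, one unknown host seen twice,
# one registered host on an unregistered IP, and one non-ARP frame to be skipped.
SAMPLE_FRAMES = [
    build_arp_frame(1, "00:11:22:33:44:55", "10.0.0.10", "10.0.0.1"),
    build_arp_frame(1, "de:ad:be:ef:00:01", "10.0.0.200", "10.0.0.1"),
    build_arp_frame(2, "00:11:22:33:44:66", "10.0.0.250", "10.0.0.1", "00:11:22:33:44:55"),
    build_arp_frame(1, "de:ad:be:ef:00:01", "10.0.0.200", "10.0.0.10"),
    b"\xff" * 6 + b"\x00\x11\x22\x33\x44\x55" + struct.pack("!H", ETHERTYPE_IPV4) + b"\x45" + b"\x00" * 27,
]


def run_demo():
    return detect_rogues(SAMPLE_FRAMES, REGISTRY)


if __name__ == "__main__":
    for kind, mac, ip in run_demo():
        print(f"ALERT {kind}: mac={mac} ip={ip}")
```

In production the frames would come from a promiscuous capture on each segment (ARP does not cross routers, so one sensor per broadcast domain is needed), but the comparison logic is the same: every host that wants IP connectivity must announce its MAC/IP pair in ARP, so the registry check sees it regardless of how it obtained its address.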