Network Admission Control (NAC)
Network access control encompasses all aspects of controlling what users can do on the LAN. It starts with controlling admission to the LAN. To decide who can come onto the LAN, IT needs to know both who the user is and the status of that user's machine. For NAC to be an effective first line of defense, then, it must encompass both:
As a first step in LAN security, enterprises need to verify that users are who they say they are and that the machine they’re using to enter the LAN complies with corporate standards, running an approved operating system with current patches and fixes and an updated anti-virus program. Without both sets of admission controls, authorized users may unwittingly unleash malware that anti-virus software would have removed from their laptop. To ensure that a NAC solution meets enterprise needs, user authentication and host posture check offerings should meet the following requirements.
Requirements for User Authentication
- Ability to support both passive and active authentication
- Flexibility to work with multiple identity stores for authentication
- Ability to identify a user’s role as part of authentication
Requirements for Host Posture Check
- Ability to provide ubiquitous, easy-to-administer host posture checks
- Support for host posture check on hosts not under enterprise control
- Ability to work with multiple NAC agents or architectures
The LANShield Switches and LANShield Controller support the admission piece of network access control by leveraging an organization’s existing AAA servers and identity stores as well as its host integrity infrastructure. Where applicable, the LANShield products can actively participate in user authentication and host posture checks.
To round out the network access control features, ConSentry also includes three other features key to secure switching: visibility, identity-based control, and threat control.