NAC functions best fit on the end point. We must be about the present scenario in which users control the conduct NAC website as a part of effective security. How bad is it? We found that 40% of the respondents had begun the use of NAC, but completed only 4% actually.

The majority of those that are based search for solutions to network equipment such as devices, Ethernet switches, routers and VPN gateways are over. But we believe that this approach is wrong.

NAC 1.0 and why it does not are

Organisations increasingly on technology, Network Access Control to provide better protection of their networks and their data. However, many first-generation NAC 1.0 “solutions on a fundamentally flawed model that does not respect the competence and responsibility of different groups within the organization. NAC 1.0 was not responding quickly enough to protect against the rapid evolution of threats or the needs of an increasingly mobile workforce address.

NAC NAC separated from 1.0 to 1.0 generally has been cut property levied by a struggle for control between the two main teams, two different perspectives:

have the network team perspective – guest access. The network team interpreted “network user ” in this sense a means of control or user block unauthorized access to the network.

> The Desktop team perspective – Managed Endpoint computer. NAC 1.0 – focus on customer lock <> client access was an easy target for many products in the early NAC 1.0, with access generally considered as a luxury and not as a business necessity, and often necessary in certain locations such as conference rooms. In addition, customers often do not have a formal relationship with the company and are not part of the organ systems of identity management, such as Microsoft Active Directory. It was just enough point solution for many devices, a mechanism to computers of customers until they are brought in line with policies of the Organization block. However, NAC convened 1.0 focus on the goal of the Network Access Control teams missed a much bigger problem in terms of the security of an organization, namely the much higher risk of devastating losses, data from a managed computer setting configured incorrectly. With few exceptions, such as academic institutions, ie the large number of managed computers criterion they have a much larger surface area, the threat actually makes a much greater risk.

NAC 1.0 –

the first generation of NAC solutions do not recognize that the threat is constantly evolving, to new threats and vulnerabilities emerging every day. publisher of anti-malware, a steady flow of updates to detect and eliminate new threats. operating systems and application software vendor security patch problem on a daily basis.

user NAC 2.0 : A new model for ensuring

Many NAC products could not easily updated to allow for updates. If a seller is an update or a new version published anti-malware, the administrator had often the valuation rules update manually. With the new operating system patches, administrators tend to a new complex of the corresponding registry entries set to give to each new patch for each operating system – if the tools of the NAC approved the assessment on all of the patch. The great burden for to keep the current rules means that the assessment tools NAC far behind the actual risks to which companies.

Intrusion Prevention Systems

Some NAC products were first Intrusion Prevention System (IPS) is based which an abnormal network behavior seemed. These threats were helpful was often network with recognizable signatures. Today’s threats are often invisible to behavior-based IPS in this case, there is no identifiable network anomaly.

Network Devices

Some NAC vendors to deliver their solutions as network devices. It was a choice

for their own convenience, not the needs of their customers . have by providing a device managed to conduct their tests in order to limit a small amount of given platforms. This convenience is obviously misleading. The networks often have to be revised for a device to all traffic on a choke point and reduce the efficiency reliability and add funnel. NAC devices also lack the capacity for a thorough evaluation, good scalability and ways to computers, to protect them if not connected to the network.

< Network Equipment / strong>

Network providers are generally in improving the switching and routing gear to the latest features are interested. You do not have a good presence on the endpoint and further attempts to access the network with devices and machines only failed because it the low score and offers little or no management policy. NAC Network ignored the question of remote or mobile users, but ironically has its roots in the NAC Host Integrity Checking for roaming users.

NAC

The original NAC frameworks – such as Microsoft Network Access Protection (NAP), Cisco Network Admission Control (NAC) and the Trusted Computing Group’s Trusted Network Connect (TNC) – offered basic standards for interoperability and a little more. They provided some pipelines, but has left organizations in order to process the job do it all together. policy management, updating and auditing have been out of the equation.> NAC 2.0: A new> model to ensure

The future of the NAC NAC 2.0 – complete ‘functional roles / p> 2.0 NAC operational impact on the three teams of the IT organization. NAC Focus S 1.0 “to the needs of the network team is to meet a commitment to the real needs of the office team and a new capacity to the requirements of the security team.

added Network Team

As already mentioned, the network team, where many originally NAC solutions kissed and it seemed natural for this team, the main owner of the “Access Control system”, although the NAC is actually more than just the network. The team includes experts on:

/ p> Virtual Switching (VLAN) Routing Management of IP addresses.

The network team responsible for ensuring network availability and performance. It is not generally any responsibility for the assessment and remediation end point and does not care about the configuration of any computer specific criterion. His concern with regard to the evaluation criteria is the appropriate level of service to a computer on his role and the status of compliance-based supply.

NAC and Network Team / strong>

The network team needs NAC to the computer, unknown or dangerous effects on keep the network security, availability and performance.

NAC team needs the transition from the application (VLANs, Access Control Lists), based on managing the compliance status.

< Desktop Team / strong>

The office team is concerned with computers and manages all aspects of its configuration – even when not connected to the network, for example, homelessness.

Squad readers

requirements for the assessment of the configuration of the endpoint, not a clean misconfiguration and patching and updating, including:

Select the management and updating of malware and firewall implementation of best practices for security configuration.

NAC 2.0: A new model for ensuring

NAC and the Office Team / strong>

office team needs NAC as a tool to drift configuration on computers under their control to the network location.

NAC team needs ideal configurations and sanitation to define mechanisms.

< security team / strong>

The security team to regulatory compliance and audit is focused. Although it does not depend on the daily operational responsibility for workstations and network, it sets standards throughout the organization. Some practices are from state regulators, such as HIPAA (USA) 3, PIPEDA (CA) 4, BS7799/ISO27002 (UK / int ‘s) 5 charged with, while some bodies recognized in the industry such as the Center for Internet Security (CIS Benchmarks ) 6 and the Payment Card Industry (PCI DSS) 7

In addition to its already huge responsibility for risk management, the security team is responsible for:

Environmental Audit and cons

standards

Show proof of compliance with standards.

NAC and the “security team / strong>

The security team must NAC to the risk of non-compliant computers to minimize unknown and dangerous, and provide comprehensive reporting and auditing.

NAC needs of the “security team / strong> to define standards for compliance and security best practices.

NAC 2.0 – focus on business objectives

Unlike one-size- fits-all solutions, NAC

recognizes NAC 2.0, the companies have different goals for the employees, contractors and customers, and focused when they are implemented correctly on the needs of each group.

<

strong> business objectives for employees

Activate – not blocking – access to the network and improve the productivity, safety and compliance.

business objectives for official visitors and employees, partners and

Assess the level of risk from unmanaged computers made by visitors.

Enter only limited access to appropriate eligibility and the amount of risk.

business objectives for the guests, informal and unknown computer

proof that block> access to the network without authorization.

secure access to appropriate resources by authorized persons – and not the goal of blocking user from the network. developed to allow In other words, NAC 2.0, instead of blocking access. ‘/ P> user NAC 2.0: A New Model for a Secure Future

NAC 2.0 – to provide “dynamic flexibility / p> departments now have a much richer framework for decisions on the granting of access to corporate resources. For the determination of reasonable access, they can now go beyond simple user identity and role, and check the identity of machine, location, access method, which time, access and perimeter security stance of the state, with the emerging security threats and responses available. The approval of this policy results in more quickly to information in real-time security updates. The decision whether a computer requires complete to date the knowledge of the available security patches. Whether the anti-malware host computer is running, the system must not only its own anti-virus white selected, but also understand that released updates to detect threats from any anti-virus manufacturers at any time. The knowledge of the emerging threats and responses are available for licensing both key decisions and therefore must NAC native capacity to provide this critical information.

Best

develop today’s endpoint NAC solutions to management and control

Access by two different types of skills:

mechanisms network provides a gateway to the network together

with the ability to restrict access to dynamic VLAN / ACL assignments or delivered (as opposed to special purpose devices NAC 1.0) with a capacity of goods in the default network switching platforms. <> A user of the evaluation, sanitation result, access user , reports, audit and respect – for user of all cases of combined use with the necessary rich / strong > Aboriginal capacity assessment and rehabilitation.

NAC 2.0 – on the protection of safety

compliance, industry best practices, IT governance and the new set of drivers behind the development and introduction of NAC. NAC as a tool for safety, productivity and compliance leads to better governance and end point of the network. NAC 2.0, companies can finally take control of their systems – in spite of a rapidly changing environment of the threat and the changing nature of network Edge.

Summary

Access Control Network is a technology to protect valuable resources of an organization at risk. Learn deficiencies previous solutions is further developed in NAC NAC 2.0, a more mature set of integrated technologies, which includes several functional role in the organization, focuses on solving real business problems and promotes a dynamic environment. NAC 2.0 is the future of Network Access Control.


Active Directory Security Audit