Network Access Control (NAC) is an embedded device or a virtual appliance that monitors network traffic and identifies data flows across the network layers. After observing the traffic patterns, policies can be applied to devices as well as to users. NAC takes over control of the network environment and makes the whole network easier to manage from a centralized console.
To get a brief idea of what NAC is capable of, the following areas can be discussed:
1. Assets management
2. Compliance check
3. Corporate / Guest user access management
4. Threat management
5. Security management
6. Audit report
NAC is positioned so that it can monitor traffic using a TAP device or a SPAN port configured in promiscuous mode. The best position is to connect the NAC to the root switch, since the root switch is always on the path that traffic will flow through.
There are two methods to enforce the policies on the endpoints:
Agentless
With agent
Basically, a guest endpoint's information cannot be reached without administrative rights on the host. Therefore NMAP and NBT scans are run across the network to collect that information. To gather further
information, an agent can be deployed to the endpoint via HTTP; the agent then runs as a process until the guest leaves the network.
The same scenario can run on hosts where the domain admin has the privilege to collect WMI data without using an agent.
Compared with a syslog server or a log management server, a NAC can carry out remediation actions, which is a huge advantage. That is the main reason NAC is becoming a trend in organizations trying to align with compliance requirements. The following are some of the remediation actions a NAC can deploy:
Assign to quarantine VLAN
Update pushing
Honeypot counter attacks
IP ACL blocking
Inline firewall rules
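As an added illustration (not code from the original post or from any NAC product), the following policy routine shows how the agent/WMI/scan posture data and the remediation actions listed above fit together: each endpoint is mapped to a VLAN and a set of actions, and an audit line is produced for the report. The VLAN ids, port list and role names are constructed placeholders for this example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple

# Constructed placeholder VLAN ids for this example
PROD_VLAN, GUEST_VLAN, QUARANTINE_VLAN = 10, 20, 999
# Sample set of server ports a guest device should not expose on the network
GUEST_FORBIDDEN_PORTS = frozenset({22, 139, 445, 3389})

class Action(Enum):
    ALLOW = "allow"
    QUARANTINE = "assign-quarantine-vlan"
    PUSH_UPDATE = "push-update"
    ACL_BLOCK = "ip-acl-block"

@dataclass
class Endpoint:
    ip: str
    role: str                          # "corporate" or "guest" (constructed roles)
    posture_source: str                # "agent", "wmi", or "scan" (agentless NMAP/NBT only)
    av_current: Optional[bool] = None  # None when only scan data is available
    patched: Optional[bool] = None
    open_ports: frozenset = frozenset()

def evaluate(ep: Endpoint) -> Tuple[int, List[Action]]:
    """Decide the VLAN and remediation actions for one endpoint."""
    if ep.role == "guest":
        # Guests give no trustworthy posture data: restrict by VLAN, block offenders
        if ep.open_ports & GUEST_FORBIDDEN_PORTS:
            return QUARANTINE_VLAN, [Action.ACL_BLOCK]
        return GUEST_VLAN, [Action.ALLOW]
    if ep.role == "corporate":
        if ep.posture_source == "scan":
            # Neither agent nor WMI data: posture unknown, hold until assessed
            return QUARANTINE_VLAN, [Action.QUARANTINE]
        actions: List[Action] = []
        if not ep.patched:
            actions.append(Action.PUSH_UPDATE)
        if not ep.av_current or not ep.patched:
            actions.append(Action.QUARANTINE)
            return QUARANTINE_VLAN, actions
        return PROD_VLAN, [Action.ALLOW]
    # Unknown role: isolate rather than guess
    return QUARANTINE_VLAN, [Action.ACL_BLOCK]

def audit_line(ep: Endpoint) -> str:
    """One line for the NAC audit report."""
    vlan, actions = evaluate(ep)
    acts = ",".join(a.value for a in actions)
    return f"{ep.ip} role={ep.role} src={ep.posture_source} vlan={vlan} actions={acts}"
```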
Technology Involvement
SPAN / Mirroring Port
Promiscuous Mode
NMAP/WMI/NBT
IP ACL
Port Blocking
Compliance checking
HIPAA
GLBA
SOX
PCI
FISMA