Over the last year, network security has come back into focus in a big way. Organizations are implementing upgraded security measures to make sure their data is safe. Client devices are targeted all the time, making the networks they join vulnerable. If any of these devices join your network, they can infect it – causing widespread disruption and chaos. So, while we know that our end-user devices should have anti-virus software – shouldn’t we arm our network too?
Security should start right with the building blocks of network infrastructure and then extend out all the way to the edge. Networks need to be armed to prevent infected machines from joining them. Not only should they be stopped at access – but there should be a way to get them to comply throughout the time they are connected. This is where Network access security and control comes in.
A Network Access Control (NAC) Server allows the authorization, authentication, and accounting of network connections. It works with network infrastructure devices to enable access or change of authorization decisions for all end-user devices. It performs pre-admission endpoint security checks and post-admission controls over where users can connect on the network.
Let’s take a look at some of the key terms associated with a NAC –
A NAC can also be used to onboard guests – when a new device is detected, the server checks for an existing profile or user. Once identified as a Guest device, it will go through the health check similar to the one detailed above. After it has passed the health-check, the NAC server will work with the network switch or AP to put it on the correct Guest VLAN. The Guest VLAN will have appropriate access lists in place to make sure the device has restricted accessConcluding from above, we see the importance of network security in securing data centers and corporate data from the point of entry into an organizations infrastructure. Implementing a modern simple NAC solution like Aerohive’s A3 will help keep security a high priority in your organization.
Original post from Aerohive.