Network Admission Control

Until you are able to say, "I know what and who is connected to my network right now", you will not be able to truly provide a secure networking and computing environment. The lack of this type of control and visibility on most networks today is a gaping, fundamental flaw in security implementation. In order to truly apply security controls within the network, you must know who and/or what is on the source/connecting system. Additionally, in order to inspect data flows, respond to security alerts, and perform various types of forensics tasks on the network, you must be able to correlate log data (like that found in a SIEM) with the accessing system and user information. Without this level of data, most of your security investigations will likely end at an offending IP or MAC address: a dead end, with no ultimate resolution and no true identity for the offender.
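The correlation described above, as an added example that is not part of the original page: it enriches a SIEM alert with the user, MAC address and posture that a NAC session log recorded for the source IP at the time of the alert. The record schema, field names and all sample values are constructed assumptions, not the output format of any particular NAC product.

```python
from datetime import datetime

# Constructed NAC session records (hypothetical schema): who held which IP, and when.
# "stop" is None while the session is still open.
SESSIONS = [
    {"user": "alice", "mac": "00:11:22:33:44:55", "ip": "10.0.5.20",
     "start": "2024-03-01T08:00:00Z", "stop": "2024-03-01T12:00:00Z",
     "posture": "compliant"},
    # The same IP is later leased to a non-user device, so IP alone is ambiguous.
    {"user": "printer-3f", "mac": "00:aa:bb:cc:dd:01", "ip": "10.0.5.20",
     "start": "2024-03-01T12:30:00Z", "stop": None, "posture": "exempt"},
    {"user": "guest-417", "mac": "00:de:ad:be:ef:02", "ip": "10.0.9.8",
     "start": "2024-03-01T09:00:00Z", "stop": "2024-03-01T17:00:00Z",
     "posture": "guest"},
]


def _ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2024-03-01T08:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def resolve(ip, when, sessions=SESSIONS):
    """Return the NAC session that held `ip` at time `when`, or None."""
    t = _ts(when)
    hits = [s for s in sessions
            if s["ip"] == ip
            and _ts(s["start"]) <= t
            and (s["stop"] is None or t < _ts(s["stop"]))]
    if len(hits) > 1:
        # Two identities on one IP at once means the session log is unreliable.
        raise ValueError("overlapping sessions for %s at %s" % (ip, when))
    return hits[0] if hits else None


def enrich(alert, sessions=SESSIONS):
    """Copy a SIEM alert and attach the identity behind its source IP."""
    session = resolve(alert["src_ip"], alert["time"], sessions)
    enriched = dict(alert)
    for field in ("user", "mac", "posture"):
        # None marks the dead end: no authenticated session explains this IP.
        enriched[field] = session[field] if session else None
    return enriched
```

An alert whose enriched `user` is `None` is exactly the unresolved IP address the paragraph warns about, and is worth tracking as a gap in admission-control coverage.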

In order to provide this level of visibility, today's organizations should implement some form of Network Admission Control (NAC). NAC typically comprises 2 technical tasks, although only the first task is required:

  1. Authentication of an individual or device: The ability to verify that a person or device is who they say they are, by various mechanisms such as ID/password combinations, certificates, biometrics, etc.
  2. Posturing of the device: The ability to determine if a system meets your pre-determined criteria to be allowed access to the network

Once the above 2 tasks are performed, NAC should also have the ability both to report the necessary data resulting from the access attempt and/or success and to provide deterministic access to the network and its resources as a result of the NAC process. It is also critically important that any NAC implementation have the ability to deal with non-user devices such as printers, IP phones, environmental controls, badge readers, POS terminals, security cameras, health-care devices, and manufacturing equipment. A complete enterprise NAC solution should also provide guest access for non-corporate-approved assets that may require some level of network access (examples include contractors and onsite sales demonstrations).

More Information:

For more information on Network Admission Control Products, Solutions and Priveon Implementation Services, please contact us.