Every day we are faced with security measures designed to control user access—when entering a secure building, at the airport or accessing our email. This can be annoying, but we cope with it for the safety benefits. In the IT world, poor access-control measures leave networks open to a myriad of malicious programs. IT should ensure that end-user devices posing risk, both inside and outside the organization, are identified and forbidden to access the network until they are corrected or unsafe elements are removed.

Network Admission Control (NAC) can help address the challenges described above and improve overall security in an organization. NAC enforces a security policy before granting end-user devices access to a network and also can provide continuous monitoring of the health of such devices, so that access to resources can be stopped if the device’s health deteriorates over the course of the day.

There are basically three components in the NAC framework:

  1. The supplicant is a piece of software installed on the end-user device and used to communicate with the enforcer. Most current Windows® devices have this preinstalled.
  2. The enforcer, or authenticator, is a device that sits between the end-user device that is requesting access and the infrastructure used to perform authentication. Examples include a network switch or wireless access point. It follows direction from the authentication server about what to do when end devices request access to the network.
  3. The authentication server communicates with the enforcer and receives the end-user credentials. This server validates such credentials and grants or denies access and notifies the enforcer of the decision. It also has the capability to indicate to the enforcer the security measures that should be included in the physical port connecting to the end-user device. This server has the ability to periodically monitor the health condition of the end-user device and act upon it accordingly.

Organizations aiming for enterprise-grade security and a high degree of regulatory compliance should explore NAC for its corporate and remote office locations. Is your network taking the proper steps to prevent user devices from compromising your network security?

Network Admission Control diagram

--Jorge Aragon is an enterprise technologist at Dell, specializing in networking and security.