What is NAC and endpoint security management?

NAC stands for Network Access Control. It is an approach to computer network security that sets policies using several protocols that describe how to securely access network nodes (endpoints). NAC unifies endpoint security technologies such as anti-virus, vulnerability assessment, authentication, and network security enforcement.

Basically, a computer is not permitted to access anything within a network until it complies with the network’s policies (system update level, anti-virus, etc.). When the computer is being checked by a network software agent, it may only access certain resources – ones that can resolve or update any issues. Once the computer is approved and adheres to the policy, it can access network resources and the internet. A NAC system is typically used for filtering access to network resources based on a user’s role. Marketers, for example, might be able to access only the customer relations data while system administrators have access to all of the data.

Communication endpoints are interfaces exposed by communicating channels. The discovery zone of these endpoints can be expanded or narrowed. Communication endpoint can include topics such as publish-subscribe (pub-sub) or a group in group communication systems. A NAC may fix non-compliant nodes before allowing access to network systems. The system will make sure that routers, switches, and firewalls are working properly with the business’ servers and end-user equipment before allowing interoperability within the network.

Why Use NAC? NAC includes an emerging body of security products. Although the definition, when it comes to certain marketing strategies, is evolving and becoming controversial, there are several key goals behind the NAC concept.

• Preventing Zero-Day Attacks – A zero-day attack involves a computer threat that exploits application vulnerabilities that are unknown to the victim. These exploits are usually shared among attackers before the users of an application are made aware of the vulnerability, and therefore unable to counter it without strategies like NAC. NAC adds anti-virus, patches, host intrusion prevention software, etc. to end-stations and prevents attackers and malware from putting the entire network at risk.

• Role-based Access Enforcement – the business policies set by a NAC system will clearly define and carry out role-based restrictions of network resources. This secures the entire network from an attacker who might have credentials for a certain role.

• Authentication and Identity Managemen – User identities based on the authentication of credentials such as passwords adds a layer of security for the network, and provides secure access for each role in a business.