Network Access Control Explained: Everything You Need to Know About NAC


In this blog post, we’ll explore what NAC is, how it works and why it’s so relevant for modern businesses. 

What is NAC?

A Network Access Control (NAC) system is a tool that regulates access to an organisation's network.

NAC systems are there to ensure that only the right users with authenticated and reliable devices (whether they belong to the company or the individual themselves) can log on to the network. Once they are there, the NAC regulates the areas of the network users can access while monitoring and logging their activity.

NACs follow the principle of the 3 A’s:

  • Authentication - Who are you? Can you prove you are who you say you are?
  • Authorisation - What are you allowed to do on the network?
  • Accounting - What are you doing, and for how long?

Every organisation’s network contains private data that, if the wrong people access it, could cause serious, life-changing issues. NAC solutions protect your network and your business from such disasters. This has always been the case, but having a robust NAC has become even more critical in recent years.

The number of machines on a business’ network has increased sharply in recent years. There are company-owned devices, plus personal ones owned by individual employees who can log on remotely, including mobile phones. In addition, there are connected devices, from smart speakers to automatic light switches, that need a slot on the network. Businesses also need to offer an opportunity for guests in their buildings to log on to the network.

This increase presents new risks, which NACs help IT managers control. A NAC solution allows businesses to create a safe and productive working environment for employees, guests, and associated external stakeholders.

 

How does NAC work?

When a machine attempts to log on to a network regulated by Network Access Control, a sequence of events takes place:

  • Identification - The NAC primarily identifies the device. The issued certificate is typically stored in the computer store, so that access is possible before the user logs on to the computer. If necessary, the user and their group membership can also be evaluated in a second step.
    • Who is it?
    • Is it a known user?
    • What area are they trying to access?
    • Where are they located?
    • When was the access request made?
    • How was the request made (cable, Wi-Fi, VPN)?
  • Assigning a role - NAC defines which parts of the network the user or device can access and which parts they can’t
  • Enforcement - NAC can deny access to areas where certain users are not allowed

The ability to restrict access to certain parts of the network for specific users is called segmentation. As well as preventing unauthorised access, it also helps prevent viruses and malware from spreading across the network if something goes wrong. 

If a NAC system refuses access to a user or device for some reason, it puts them in a restricted area with little or no access to the network. This keeps the network free of unauthorised devices and reduces the risk of cybercrime.
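The identification, role assignment and enforcement sequence described above, sketched as an added example (it is not code from this post or from any NAC product). The fingerprints, user names, segment names and the VPN time-window rule are all assumptions made up for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# All values below are constructed for illustration.
KNOWN_DEVICES = {"AA:11:22": "corp-laptop-01", "BB:33:44": "door-sensor-07"}
USER_GROUPS = {"alice": "finance", "bob": "engineering"}
ROLE_SEGMENTS = {
    "finance": {"finance-vlan", "internet"},
    "engineering": {"dev-vlan", "internet"},
    "device-only": {"internet"},   # known device, no known user evaluated
    "quarantine": set(),           # restricted area: no access at all
}
ACCOUNTING_LOG = []  # Accounting: one record per decision, granted or not

@dataclass
class AccessRequest:
    cert_fingerprint: Optional[str]  # who is it (device certificate)
    user: Optional[str]              # second step: the user, if any
    target: str                      # what area are they trying to access
    location: str                    # where are they located
    when: datetime                   # when was the request made
    medium: str                      # how: "cable", "wifi" or "vpn"

def assign_role(req: AccessRequest) -> str:
    """Identify the device first, then map the user to a role."""
    if req.cert_fingerprint not in KNOWN_DEVICES:
        return "quarantine"  # unknown device: restricted area
    return USER_GROUPS.get(req.user, "device-only")

def decide(req: AccessRequest) -> bool:
    """Enforce segmentation and log the decision; True means access granted."""
    role = assign_role(req)
    allowed = req.target in ROLE_SEGMENTS[role]
    # Assumed extra rule: internal segments over VPN only between 07:00 and 19:00.
    if allowed and req.medium == "vpn" and req.target != "internet":
        allowed = 7 <= req.when.hour < 19
    ACCOUNTING_LOG.append((req.when.isoformat(), req.cert_fingerprint,
                           req.user, role, req.target, req.medium, allowed))
    return allowed
```

Denied requests are logged as well as granted ones, so the accounting record also shows which devices ended up in the restricted area and what they tried to reach.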

A NAC makes a business’ Wi-Fi network safer by automatically applying encryption keys for each session. As a result, attackers cannot use any shared or publicly known secrets to sniff network traffic.

Solutions like NetAttest EPS use digital certificates to make this process faster, simpler, and more secure. NetAttest EPS from Soliton is a NAC system built for the needs of today’s businesses. NetAttest EPS is a 100% rock solid, dedicated all-in-one NAC solution. It gives IT managers everything they need to secure their network, regulate access and improve performance. Plus, it’s available for both small and medium-sized businesses.

 

Want to learn more? Download a copy of the eBook: Network Access Control - One Step Before Your First Line of Defence

 

Jörg Giffhorn
