Who has the keys to access your network?
Office of the CIO

Considerations When Deploying Network Access Control

  • November 4, 2019
  • From the Experts
  • End User Experience, Identity & Access Management, Network Access Control, Network Architecture and Execution, Security & Risk Mitigation, Strategy

Network Access Control Overview

Today we look at deploying Network Access Control (NAC) and five considerations to explore before implementation. Network Access Control is a solution that applies and enforces network access policies. In its most basic implementation, NAC is the decision maker of what devices are allowed on the network. NAC is implemented in both wired and wireless networks and often integrates with other systems in the security stack to enforce security policy.

Today’s requirements for enabling all parts of the business while maintaining network security require some type of NAC. Additionally, a well-implemented NAC can reduce network configuration time. Instead of manually configuring every switch port at time of deployment, the switch and NAC combined will automatically configure the port for the type of device that is connected, no matter which port the device connects to.

NAC can quickly become a complex, yet crucial part of your network infrastructure. In our recent post covering some simple steps to strengthening your security posture, we touched on the importance of maintaining controls over your network access.

Here are some important considerations for deploying Network Access Control.

Know What is on the Network

The number of devices on corporate networks is continuously increasing. Between the Internet of Things (IoT), physical security, media endpoints, phones, tablets, and computers, growth is constant. Most of this growth comes from devices that should not be trusted (think of some recent, high-profile security breaches) but need some level of network access. The business requires these devices to have some level of access, whether to the Internet or to another connected device, but they should not be granted unfettered access to the enterprise.

To compound matters, these devices are often designed and manufactured by companies that don’t traditionally make network devices. This means the devices often don’t support common authentication standards, such as 802.1X, but still need network access. Additionally, nearly every NAC deployment finds devices on the network that you didn’t already know about.

Planning for these devices, both in how they authenticate and what type of access they have, is crucial to a successful NAC deployment.
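One way to turn that planning into a worklist, as an added example that is not part of the original post: the Python below reads NAC logs collected in a monitor-only phase and sorts endpoints into 802.1X-capable, MAC-authentication-only, and unknown. The log layout, the method names `dot1x` and `mab`, the inventory and every address are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of NAC monitor-mode log lines; the key=value layout and
# the method names "dot1x" / "mab" (MAC-based auth) are assumptions.
SAMPLE_LOG = """\
2019-11-04T09:00:01 port=Gi1/0/3 mac=AA-BB-CC-00-11-22 method=dot1x result=accept
2019-11-04T09:00:07 port=Gi1/0/9 mac=0011.2233.4455 method=mab result=accept
2019-11-04T09:01:12 port=Gi1/0/14 mac=de:ad:be:ef:00:01 method=mab result=reject
2019-11-04T09:02:30 port=Gi2/0/2 mac=DE-AD-BE-EF-00-01 method=mab result=reject
2019-11-04T09:03:00 port=Gi1/0/20 mac=not-a-mac method=mab result=reject
"""

# Constructed asset inventory: normalized MAC -> device class.
INVENTORY = {"aa:bb:cc:00:11:22": "laptop", "00:11:22:33:44:55": "badge-reader"}


def normalize_mac(raw: str) -> str:
    """Fold dash, dot and colon notations into lowercase aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[-.:]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def triage(log_text: str, inventory: dict) -> dict:
    """Sort observed endpoints into 802.1X-capable, MAC-auth-only and unknown."""
    report = {"dot1x": set(), "mac_auth_only": set(), "unknown": defaultdict(set)}
    for line in log_text.splitlines():
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        try:
            mac = normalize_mac(fields["mac"])
        except (KeyError, ValueError):
            continue  # skip lines without a usable MAC
        if mac not in inventory:
            # Record every port the unknown device appeared on.
            report["unknown"][mac].add(fields.get("port", "?"))
        elif fields.get("method") == "dot1x":
            report["dot1x"].add(mac)
        else:
            report["mac_auth_only"].add(mac)
    # A device that ever completed 802.1X does not need a MAC-auth exception.
    report["mac_auth_only"] -= report["dot1x"]
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, INVENTORY))
```

The `unknown` bucket is keyed by normalized MAC so the same device logged in different notations, or on different ports, collapses to one entry.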

Where to Enforce Security Policy

Network devices have more capability today than they ever have. Increased capability can bring increased complexity. For example, most wireless systems can perform some layer of network policy enforcement, from application-based firewalls to stateless ACLs. In many networks, every hop has the ability to enforce some type of network control.

We recommend being intentional about where to enforce your network policy. For some organizations, this means the NAC solution pushes down dynamic ACLs on every switch port. For others, this means the NAC places different classes of hosts into different VLANs and all traffic traverses the firewall for policy enforcement. Being intentional about where you enforce policy makes your access policy easier to implement and troubleshoot.

Security Stack Integration

All modern NAC solutions support integration with other elements of your security stack. When selecting, designing, and implementing NAC, it is important to consider which devices to integrate with and plan accordingly.

A common integration is between the NAC and firewall. If the firewall detects a malware infection, it can inform your NAC. The NAC then will send a change of authorization (CoA) to the switch or wireless controller, which can deauthenticate a user or place them into a remediation zone.
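The change of authorization messages mentioned above are defined in RFC 5176. As an added example (not from the original post), this Python sketch builds a Disconnect-Request the way a NAC would and shows the authenticator check a switch or wireless controller applies before acting on one; the MAC address, session ID and shared secret used with it are constructed sample values.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST = 40   # RFC 5176 packet codes
COA_REQUEST = 43
CALLING_STATION_ID = 31   # RADIUS attribute types (RFC 2865 / RFC 2866)
ACCT_SESSION_ID = 44


def _attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute: type, length (2 header octets included), value."""
    if len(value) > 253:
        raise ValueError("RADIUS attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def _authenticator(header: bytes, attrs: bytes, secret: bytes) -> bytes:
    # RFC 5176 section 2.3: MD5 over the 4-octet header, 16 zero octets,
    # the attributes, and the shared secret.
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()


def build_request(code: int, ident: int, mac: str, session_id: str,
                  secret: bytes) -> bytes:
    """NAC side: a request that identifies one session by MAC and session ID."""
    attrs = (_attr(CALLING_STATION_ID, mac.encode())
             + _attr(ACCT_SESSION_ID, session_id.encode()))
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + _authenticator(header, attrs, secret) + attrs


def verify_request(packet: bytes, secret: bytes) -> bool:
    """Switch side: reject truncated, mis-sized or unauthenticated requests."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code not in (DISCONNECT_REQUEST, COA_REQUEST) or length != len(packet):
        return False
    expected = _authenticator(packet[:4], packet[20:], secret)
    return hmac.compare_digest(expected, packet[4:20])


def parse_attrs(packet: bytes) -> dict:
    """Return {attribute type: raw value} for a packet that passed verification."""
    attrs, pos = {}, 20
    while pos + 2 <= len(packet):
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > len(packet):
            raise ValueError("malformed attribute")
        attrs[a_type] = packet[pos + 2:pos + a_len]
        pos += a_len
    return attrs
```

Because the authenticator depends only on a shared secret and MD5, the secret between NAC and switch deserves the same care as any other credential, and the switch should accept these requests only from the NAC's addresses.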

Guests, Contractors and BYOD

Many companies still use a pre-shared key for one or more wireless networks. These keys inevitably become widely known and stop being effective. You can rotate your pre-shared key, but changing it on your wireless infrastructure and on all connected devices, and communicating the new key to the right parties, becomes frustrating overhead.

In addition to employee and corporate-owned device access, NAC can also support guests, contractors, and employee-owned devices without resorting to a single pre-shared key. Consider how you want to treat all these devices, whether the same or differently, and how you want to onboard these devices to your network.

User Experience

Companies implement NAC to help secure users, not to frustrate them. Take the time to fully test all workflows and policies to ensure that the NAC deployment can be systematically deployed across the organization without causing interruptions to legitimate traffic. Nothing stops a NAC rollout like a VIP’s device getting kicked off the network.

Considering user experience also means designing how the system will fail. If a remote site loses its connection to the NAC systems, how will it fail? It is important to consider and balance user experience with security requirements.

Where to Go From Here…

The design, execution, and integration of NAC outcomes require careful forethought. Leveraging resources that have experience and the requisite training will greatly reduce your risk and improve the likelihood of a positive technology experience. Our team of experts has built the expertise to deliver a NAC-based outcome. We can also help you understand the proper solution to align to your current network topology.

As NAC becomes more defined in your ecosystem, you’ll want to consider the various phases of deployment. We explored a NAC maturity model in a subsequent post.

If you’re looking for a team to come alongside you when deploying network access control, we’re a phone call away. Stay focused. Get better. Be excellent.

 

© 2021 Elevate Technology Partners LLC. Designed & Developed by Kynda.