Sunday, February 18, 2007

Teleworker Guide - NAC

Network Admission Control, a.k.a. NAC, is a technology that is predicted to gain popularity this year. For IT professionals, it means extending security to the endpoint and controlling who can access what, and under which conditions. For example, if you have remote workers and you provide them with a VPN appliance for their home, what stops them from connecting their home computer to the appliance? The IT department has no control over that machine. This is where NAC comes into play.
With NAC, the IT department can check the machine that is trying to connect to the network, and if certain tests fail (e.g. there is no anti-virus installed, or it is not up to date, or a certain critical Microsoft Windows patch is missing), the computer is denied access to the network by being placed in a restricted network. The IT department can then instruct and direct the user to update the computer and bring it up to standard in order to gain proper access to the network.
This is a must for Teleworker environments where VPN appliances are deployed at the customer premises.
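
The admission check described above, as an added example that is not part of the original post. The report fields, VLAN numbers, signature-age limit and patch ID are assumptions made for illustration, not values from any NAC product.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Assumed policy values; a real deployment defines its own.
MAX_SIGNATURE_AGE = timedelta(days=7)
REQUIRED_PATCHES = frozenset({"KB-EXAMPLE-0001"})  # placeholder ID, not a real patch
VLAN_PRODUCTION, VLAN_RESTRICTED = 10, 999

@dataclass
class PostureReport:
    """What a hypothetical endpoint agent reports when the machine connects."""
    host: str
    av_installed: bool
    av_signature_date: Optional[date]
    installed_patches: frozenset

def evaluate(report, today):
    """Return (vlan, remediation). Any failed test restricts the machine."""
    remediation = []
    if not report.av_installed:
        remediation.append("install anti-virus")
    elif (report.av_signature_date is None
          or today - report.av_signature_date > MAX_SIGNATURE_AGE):
        # A missing signature date is treated as out of date (fail closed).
        remediation.append("update anti-virus signatures")
    for patch in sorted(REQUIRED_PATCHES - report.installed_patches):
        remediation.append(f"install patch {patch}")
    vlan = VLAN_RESTRICTED if remediation else VLAN_PRODUCTION
    return vlan, remediation

# Constructed sample reports: a managed laptop, an unmanaged home PC,
# and a managed laptop whose signatures have gone stale.
TODAY = date(2007, 2, 18)
REPORTS = [
    PostureReport("corp-laptop", True, date(2007, 2, 16), REQUIRED_PATCHES),
    PostureReport("home-pc", False, None, frozenset()),
    PostureReport("stale-laptop", True, date(2007, 1, 1), REQUIRED_PATCHES),
]

if __name__ == "__main__":
    for r in REPORTS:
        vlan, todo = evaluate(r, TODAY)
        state = "full access" if vlan == VLAN_PRODUCTION else "restricted"
        print(f"{r.host}: VLAN {vlan} ({state}); to fix: {', '.join(todo) or 'nothing'}")
```

The remediation list is what the IT department would show the user on the restricted network so the machine can be brought up to standard and re-checked.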
The business benefit of having NAC is greater than just controlling Teleworkers. It ensures that endpoints conform to security policy and proactively protects against worms and viruses by focusing operations on prevention, not reaction. It also extends existing investment by integrating with multivendor security and management applications.
NAC also works for controlling guests who come to the office and connect to the wireless network, or plug into a port in a conference room. It provides a form of control that avoids back doors through which viruses and worms can enter the network. The savings are reflected on the security side, in the form of avoided remediation costs in the case of an attack or infection. But just like with any security solution, you will not see a benefit unless you are prone to an attack. It is very difficult for some people to understand that the benefit of a security solution like NAC is direct, but the proof is completely indirect (i.e., you can't really see it unless you are a victim).
For more information about NAC, check this out.
