1 Cosc 5/4765 NAC Network Access Control

2 What is NAC?
The core concept:
  – Who you are should govern what you’re allowed to do on the network.
Authentication
Endpoint-security assessment
Network environment information

3 What is NAC? (2)
Except it’s not that simple
  – Even the vendors confuse the definition
  – The architectural options are complicated; multivendor options are even more complex.
  – Lots of questions arise about varying implementations and vendors.

4 What is NAC? (3)
Wired, wireless, and/or VPN?
Is NAC a monitoring system, or just for entry onto the network? I.e., once security and authentication are done, now what?
Is it an application on the computer or not?
Inline or outbound monitoring
  – assuming monitoring

5 Approaches to NAC
Edge control
  – The principle of a firewall pushed to where the clients connect
Core control
  – A NAC device on the network collects authentication and endpoint security info. It enforces policy control.
Client control
  – An application on the client that enforces client control. Example: turning off wireless when the VPN is not connected.

6 Core Theory
Apply a policy for network access across LAN, wireless and VPN infrastructures.
The access-control policy can be:
  – a go/no-go decision on network access
  – a choice of virtual LANs
  – as complex as a set of per-user firewall rules defining which parts of the network are accessible.

7 General deployment
A client NAC on the system
  – Collects client data about the “health” of the system.
A policy management appliance
  – Can be used for authentication
  – Can be problematic.
  – Uses data from the client NAC to determine network access.
  – May also do client monitoring to determine the client is behaving correctly.

8 Generally how NAC works.

9 Client NAC
Collection of typical data
  – Antivirus installed and up to date
  – Client patched to a standard
  – Registry checks
  – P2P and file sharing
  – Applications installed/not installed: malware/spyware and commercial software
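An added example, not part of the original slides: a sketch of the decision a policy management appliance makes from the client NAC's health data (slides 6, 7 and 9), returning go/no-go plus a VLAN choice. The thresholds, role names, VLAN numbers and the use of a quarantine VLAN for unhealthy or unreported clients are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

# Assumed policy values; a real deployment defines its own.
MAX_AV_AGE = timedelta(days=7)
MIN_PATCH_LEVEL = 42
BANNED_APPS = {"p2p-client"}
ROLE_VLAN = {"staff": 10, "contractor": 20}
QUARANTINE_VLAN = 99

@dataclass
class Posture:
    """Health data reported by the client NAC agent."""
    av_installed: bool
    av_signatures: date
    patch_level: int
    running_apps: set = field(default_factory=set)

@dataclass
class Decision:
    allow: bool
    vlan: Optional[int]
    reasons: list

def health_failures(p: Posture, today: date) -> list:
    """Return every health check the client fails (empty list = healthy)."""
    failures = []
    if not p.av_installed:
        failures.append("antivirus not installed")
    elif today - p.av_signatures > MAX_AV_AGE:
        failures.append("antivirus signatures out of date")
    if p.patch_level < MIN_PATCH_LEVEL:
        failures.append("client not patched to standard")
    banned = sorted(p.running_apps & BANNED_APPS)
    if banned:
        failures.append("banned application: " + ", ".join(banned))
    return failures

def decide(role: Optional[str], posture: Optional[Posture], today: date) -> Decision:
    """role is None if authentication failed; posture is None if no agent reported."""
    if role not in ROLE_VLAN:
        return Decision(False, None, ["authentication failed or unknown role"])
    if posture is None:
        return Decision(True, QUARANTINE_VLAN, ["no posture report"])
    failures = health_failures(posture, today)
    if failures:
        return Decision(True, QUARANTINE_VLAN, failures)
    return Decision(True, ROLE_VLAN[role], [])
```

Authentication is checked before health, so an unauthenticated client is refused outright while an authenticated but unhealthy one is placed where it can be remediated.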

10 Without a Client NAC
Some implementations allow for clientless NAC
  – The system attempts to determine the status of the client by asking the computer for information.
  – Some docs show it can be falsely detected as an attack.

11 Monitoring
Inline
  – Allows for post-enforcement (monitoring) of systems.
  – Allows layer 2 through layer 7 (some only layer 4) inspection.
Out of band
  – Little disruption to the network
  – Can filter based on user and/or categories instead of everything.

12 A Setup for Cisco NAC

13 A full-featured access control solution can do:
Control who can get onto your LAN and limit what resources they can reach
Limit the reach of less-trusted or less-known users
  – such as contractors, technicians, remote users, or offshore workers
Restrict who can access sensitive financial or customer records
Control access to data based on role, time of day, location, and application
Segment users to meet compliance requirements
Protect against known and unknown malware
Simplify incident response
Protect critical application services such as VoIP

14 A full-featured access control solution cannot do:
Protect information that leaves the premises
  – via e-mail, laptop theft, printouts, or USB storage devices
Defend against social engineering
Block known malware from entering over the WAN connection
Prevent users with authorized access from using data inappropriately

15 Other issues
Printers, cameras, PDAs, game consoles, phones and other IP devices for NAC compliance.
  – These devices (mostly) cannot use client NAC software, and may be difficult to categorize correctly or at all.
  – Some NAC can identify certain devices: most of the IP phones for VoIP, since they use VoIP protocols.

16 Lastly
This lecture is far from complete.
NAC is still a technology buzzword and the standards are in flux.
Vendors can’t agree on standards
  – And don’t work with each other.
Some flavors of *nix are currently left out of NAC

17 Q & A

18 References
Mostly web pages:
http://www.networkworld.com/topics/nac.html and associated articles linked from this page.
http://www.interop.com/archive/pdfs/NAC.pdf

