Network Access Control (NAC) is a powerful control used to regulate access to corporate network resources. Some of the goals of a NAC implementation are:
I decided to implement this control inside my corporate network as it solves many of the risks that are affecting or can affect my company. In this diary I will tell you about my experience with the implementation and how to determine which NAC solution best fits your needs. To start, I designed the following test plan to ensure the NAC solution fits into my information security model:
Let's go over some definitions related to the last table:
The NAC solution handles two portals:
Both portals imply that any device authenticating to the network through them always does so manually, so servers and critical devices must not authenticate this way. My experience with NAC implementation comes from my company's purchase of McAfee N-550 boxes. So far, we have had the following problems:
So, how can you determine which NAC solution best fits your needs?
What is the NAC solution you have found most valuable? Have you had smooth NAC implementations? Let us know!
Manuel Humberto Santander Peláez
ISC Handler
Jan 3rd 2013
We use Forescout CounterACT. After evaluating all the biggest names in the industry we went with them. One of our challenges was finding a NAC solution that was out of band and agentless. Expensive, but it makes NAC pretty simple compared to what our experiences have been over the years.
Anonymous
Jan 3rd 2013
ForeScout was acquired by McAfee in order to have the best technology for the NAC, which has to integrate with McAfee ForeScout.
http://www.forescout.com/press-release/forescout-mcafee-partnership-delivers-best-in-class-nac-solution-for-continuous-monitoring-and-mitigation/
https://kc.mcafee.com/corporate/index?page=content&id=KB76610
Anonymous
Jan 3rd 2013
Why not just use a VPN client and every port is guest? Most current VPN clients support health checks before the host can drop onto the network. Further, they push onto the correct VLANs as needed, per user and device rules. Couple this with a persistent VPN (like PAN Global Protect) and users only need to log in to their host and not the VPN as well.
Anonymous
Jan 3rd 2013