In a previous blog we talked about device onboarding as a specific service that Moss offers. This is part of a broader spectrum of network security services involving network access control. Let’s talk about what is involved in establishing and maintaining network access control.
What Is Network Access Control?
The definition of network access control (NAC) is straightforward: it’s the management of which users and devices are authorized to access a proprietary network. The process works this way: when users and devices request permission to connect, NAC grants access if they can be authenticated by a designated identity and access management system. Each organization decides the policies and parameters of access before the system is installed, and the system allows or denies requests based on the defined security policy.
Authentication and authorization occur on a network access server (NAS). The NAS verifies logon credentials and also restricts access to data based on the credentials of the user. The NAS also implements applications like firewalls, antivirus software, and anti-spyware software to protect itself and users on the network.
Network access control also determines what users can do on the network based on their profile permissions. These seem like simple goals, but NAC is very complex due to the protocols and technologies at play.
What Are the Goals of NAC?
Network access control serves to:
- Authorize and authenticate network connections.
- Control the permissions of users and devices after authentication, allowing them access to only what they have permission to view or modify.
- Contain intellectual property and maintain security and confidentiality of said property.
- Manage identities and assets.
- Assess the security of different devices to determine whether to allow them access to the server. Devices with outdated operating systems and antivirus software would be blocked until these problems are addressed.
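The goals above can be read as an ordered decision: authenticate the request, check the device's posture, then limit access to what the user's profile permits. The sketch below is an added example, not Moss's code or any NAC product's API; the directory, roles, resource names and thresholds are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed policy values; each organization defines its own before rollout.
MIN_OS_VERSION = (10, 0)
MAX_AV_SIGNATURE_AGE_DAYS = 7
ROLE_PERMISSIONS = {"engineer": {"source-repo", "wiki"},
                    "finance": {"ledger", "wiki"}}
# Constructed identity store (username -> role); stands in for the IAM system.
DIRECTORY = {"alice": "engineer", "bob": "finance"}

@dataclass
class AccessRequest:
    username: str
    credential_valid: bool        # outcome of the authentication exchange
    os_version: tuple             # (major, minor) reported by the device
    av_signature_age_days: int

@dataclass
class Decision:
    action: str                   # "allow", "block" or "deny"
    resources: frozenset          # what the session may reach
    reasons: tuple                # why access was withheld, if it was

def posture_failures(req):
    """Return the compliance problems that must be fixed before access."""
    failures = []
    if req.os_version < MIN_OS_VERSION:
        failures.append("outdated operating system")
    if req.av_signature_age_days > MAX_AV_SIGNATURE_AGE_DAYS:
        failures.append("outdated antivirus signatures")
    return failures

def evaluate(req):
    """Authenticate first, then assess posture, then scope permissions."""
    role = DIRECTORY.get(req.username)
    # Unknown user and bad credential get the same answer, so the reply
    # does not reveal which usernames exist.
    if role is None or not req.credential_valid:
        return Decision("deny", frozenset(), ("authentication failed",))
    failures = posture_failures(req)
    if failures:
        # Blocked until remediated; the reasons tell the user what to fix.
        return Decision("block", frozenset(), tuple(failures))
    # Default deny: a role with no policy entry gets an empty resource set.
    return Decision("allow", frozenset(ROLE_PERMISSIONS.get(role, ())), ())

def can_access(decision, resource):
    """Post-authentication check: only resources granted to the role."""
    return decision.action == "allow" and resource in decision.resources
```
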
Why Do Organizations Need Network Access Control?
There are many reasons a business or organization would benefit from implementing network access control. First, it requires them to define who and what will be allowed on the network and for what purposes. It’s very useful for organizations to decide who will or should have access to their data and intellectual property online, under what circumstances, and what they can do with that information.
Second, NAC protects the network from devices that are not up to date or contain security risks. The users trying to access the network may not have malicious intent, but compliance checks work to keep everyone on the network safe from harm.
It also allows the IT administrator to see and profile who is on the network at any given time in order to minimize risk and gain an understanding of how the network is being used. NAC can simultaneously allow one-time or occasional guest users temporary and restricted access to the network if they need it, and reject or disconnect unauthorized users and devices.
Finally, NAC monitors behavior of users and devices and collects information about their behavior. This can be used to further strengthen network security and allow for better user experience.
Without implementing robust network access control, companies cannot safely or effectively allow users to use their personal devices to connect to the network either at home or at work. BYOD (Bring Your Own Device) is common in workplaces today, but without a defined policy about who is allowed on the network and a fully secured network, BYOD is out of the question for most organizations. It’s simply too risky.
Does your organization need to implement or improve your network access control? Contact Moss, and we will be happy to talk to you about what we can do to strengthen your network, and make access seamless while minimizing any risks to your data and users.