Element detection, a perfect example why NAC solutions are not born equal

According to my definition, at its basis, a network access control solution is first and foremost a security solution. It must ensure that only authorized devices are allowed to access and operate on the enterprise LAN. Only after the NAC solution ensures an element is authorized to operate on the enterprise LAN other access control tests, such as tests that validate the device posture, are to be initiated.

The access policy should be defined prior to the deployment of NAC, so the NAC solution would be able to enforce it.

Although it sounds logical and straightforward that a network access control solution should guard against unauthorized access, for many NAC solutions this is not so…

Operating without contextual network information these NAC solutions may only operate against the elements they are aware of, and not against all of the devices that are actually operating on the enterprise LAN.

In this situation a rogue device can be attached to the enterprise LAN, use its resources, and put the stability, operation and integrity of the enterprise LAN at risk.

In my opinion this is a serious threat. If the NAC solution you are evaluating is not able to perform element detection in a complete, accurate and real-time manner, it is not the solution you should buy.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: