Network Access Control - Friend or Foe?
By Ian Price on 7th Sep 2016
In discussing network security with the team earlier this week, that overused acronym, NAC (Network Access Control) came up a few times and we got down to debating what it actually means…
It seems that NAC can be considered from two extremes (and probably a whole bunch of intermediates); anything from Not A Chance, to Nearly All Comers and the usability can range from Nice And Clear to Not At-all Comprehensible. I’ll stop there – the last one is a bit contrived…
However, as with so many technologies in our industry NAC can be (almost) whatever you want it to be and clarity on what’s actually needed, backed up by an appropriate technology selection and design, is the only route to implementing a fit for purpose, manageable solution.
The no-risk option of course is to tie the network down to the level where only fully controlled company devices can access it, the trade-off being a complete lack of flexibility and, most likely, serious difficulty (and cost) in implementing any changes.
If that’s not a practicable approach then what’s the route to flexibility with minimal risk?
Requirements for NAC
On the requirements, ask yourself what you really need (not necessarily what you want or would like to have). The difficulty here is that it’s a multi-dimensional question covering:
- Who you want to grant access to
- Which devices they’re using
- Where they’re accessing from
- What they want to access
Each and all of the above will influence the level of access that you may be prepared to grant.
The ‘Who’ includes company staff, executives, VIP visitors, not-so- VIP visitors, and casual visitors (e.g. shoppers in the retail sector); ‘Devices’ range from secure corporate PCs/Laptops to the plethora of rather less secure mobile devices out there; the ‘Where’ covers local and remote access; and the ‘What’ spans simple web redirects to secure corporate areas.
Consistent network management
OK so far? Now overlay all of the above with the need for consistent, manageable control ranging from single site businesses to national and global points of presence and another layer of complexity appears.
Which takes us back a few paragraphs to a sharp focus on what you actually need…?
Ignore the like to have’s for the time being (or at least put them into second tier requirements) and stay with the absolutes. If the core requirements are well understood then the initial selection from the many potential solutions available is relatively straightforward – they either do or don’t meet those requirements.
Once the initial selection is done, the second tier requirements can be checked as well within that select group – ultimately, the final choice will come down, amongst other things, to a balance between cost, functionality, and usability. If the requirements are well understood, most of these choices will be objective although others, such as usability, can be more subjective – we all have different views and what it easy/hard to use.
Still, that’s what we pay the IT guys for isn’t it – making those hard decisions!
User Identity and Secure Network Access
Click here to view our range of network access control and user identity solutions.
If you'd like to explore network access and security options for your business why not talk to a member of our expert team today, we'd love to hear from you!
If you are planning to deploy an enterprise-grade wireless network or are experiencing problems with a existing setup, please feel free to contact Ensign Communications for a chat with our technical team.
Proud Partners Of
Proud to Work With
Investing heavily in new distribution, logistics and staffing initiatives, Sainsbury's approached Ensign to provide wireless LAN infrastructures to hundreds of Sainsbury’s stores across the British Isles.
In order to meet increasing product demand, JLR’s UK parts distribution operation was moved to Liverpool, with plans to operate out of a new 400,000 sq ft site on the Phoenix Industrial Estate at Ellesmere Port.