Avoid NAC Pitfalls with a Standards-Based Approach

Network Access Control (NAC) is one of the critical challenges in securing today's enterprise. How does an enterprise accommodate a variety of users with disparate access requirements, privileges, and levels of trust, in a single enterprise network? And how does one build a security framework that works with existing infrastructure, allows integration of multiple vendors' products, and creates a solid foundation for future growth?

The challenges include:

•        Increasing network access requirements - for mobile users, unmanaged endpoints, demanding applications, and a diverse user community.

•        Decreasing ability to ensure the security of an enterprise network due to ill-managed endpoints, explosive growth in vulnerabilities and shorter patch-to-outbreak windows.

•        New breeds of threats are driving companies to evaluate NAC as a security solution.

The Trusted Computing Group (TCG) is an industry standards body formed to develop, define, and promote open standards for trusted computing and security technologies. TCG has developed an open architecture and standards for NAC, called Trusted Network Connect (TNC). It enables technology that helps ensure endpoint compliance with integrity policies at and after network connection. Open standards, designed to ensure multi-vendor interoperability across a wide variety of endpoints, network technologies and policies, can take the pain out of NAC deployment.

In an ideal world, NAC offers network protection, application-level access control, network visibility and monitoring (critical to compliance efforts), and role-based user access to handle all users.

In addition to a wide range of deployment considerations, NAC also introduces new challenges such as vendor lock-in, complexity, project scope and business disruption. In addition, the NAC market is still evolving and decisions made today must lay the groundwork for years to come.

Standards-based NAC provides risk mitigation for common enterprise security threats and can be used both to enforce and to demonstrate compliance with regulations such as PCI, HIPAA, Sarbanes-Oxley, etc. Internet drafts are also being developed by the IETF Network Endpoint Assessment Work Group.