Why Network Access Control Risk is Failing Security Professionals

September 29, 2016

Previously I blogged about the challenges of managing the risks of third-party access, highlighting that most organizations still rely on old technologies. Current best practices recommend a laundry list of security technologies: VPNs, VLANs, NAC, Next Generation Firewalls, Privileged Access Management (PAM) solutions, and so on.

But too much technology results in ‘spend in depth’, and not necessarily improved security. And if you’re still using the same principles you were using ten or twenty years ago, you might have the strongest network perimeter in the world, but no ability to respond to internal threats.

Today, let’s consider network access control (NAC).

NAC Defined

Network access control (NAC) is a method of bolstering network security by restricting the availability of network resources to endpoint devices that comply with a defined security policy. A traditional network access control server performs authentication and authorization functions for potential users by verifying client device profiles (such as the presence of antivirus software and spyware-detection programs) before permitting access to the network.

Through a combination of client agents and network server components, NAC systems enforce policies about which network segments users can access. NAC, which often follows the 802.1X protocol, uses client profile and authentication information to make these policy decisions. Based on these policy decisions, the NAC permits access to network segments or VLANs. NAC systems may also require or perform remediation actions on non-compliant devices (such as enabling a client firewall).

NACs do incorporate some (limited) client profile information to make network access decisions, and can (in some ways) remediate non-compliant clients. And they integrate into existing network infrastructure components such as VLANs.

Why NAC Solutions Fall Short

Ultimately though, NAC solutions fall short for several reasons:

  • Most importantly, they cannot provide fine-grained control of which network resource users can access. They rely on existing (and separately managed) network segments, firewalls, or VLANs.
  • Due to the management issues around adding devices and firewall rules, enterprises have expressed doubt about the practicality of NAC deployment in networks with large numbers of diverse users and devices, the nature of which constantly changes.
  • They typically have limited ability to make access decisions based on user context.
  • NACs do not provide secure, encrypted communications between clients and services.
  • NAC customers must use another solution (such as a VPN), which adds more cost, complexity, and management effort.
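
The first limitation in the list, shown as a small model added here for illustration (it is not Cryptzone's or any NAC vendor's code): the decision's only output is a network segment, so two compliant users with different needs end up with identical reach. Segment names, hostnames and the `NEEDED` map are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: segment names and hostnames are hypothetical.
SEGMENT_HOSTS = {
    "quarantine": {"remediation.example.internal"},
    "contractors": {"build.example.internal", "wiki.example.internal",
                    "billing-db.example.internal"},
}
# What each user actually needs for their job (also constructed).
NEEDED = {
    "alice": {"build.example.internal"},
    "bob": {"billing-db.example.internal"},
}

@dataclass(frozen=True)
class Client:
    user: str
    authenticated: bool      # result of 802.1X authentication
    antivirus: bool          # posture reported by the client agent
    firewall_enabled: bool

def assign_segment(c: Client):
    """NAC decision: the only output is a network segment (or no access)."""
    if not c.authenticated:
        return None
    if not (c.antivirus and c.firewall_enabled):
        return "quarantine"  # non-compliant device is sent to remediation
    return "contractors"

def reachable(c: Client) -> set:
    """Everything in the assigned segment is reachable, whoever the user is."""
    return set(SEGMENT_HOSTS.get(assign_segment(c), set()))

def excess_access(c: Client) -> set:
    """Hosts the client can reach but has no stated need for."""
    return reachable(c) - NEEDED.get(c.user, set())

if __name__ == "__main__":
    alice = Client("alice", True, True, True)
    bob = Client("bob", True, True, True)
    for c in (alice, bob):
        print(c.user, assign_segment(c), sorted(excess_access(c)))
```

Narrowing either user's reach in this model means changing `SEGMENT_HOSTS`, that is, the separately managed segments and firewall rules, not the NAC policy itself.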

Better Manage Third-Party Access

There are a number of ways that organizations can better manage the risks of third-party access and decrease the chances that attackers are able to penetrate through each of the defense layers.

To learn how to better manage third-party access, download our latest whitepaper, Managing the Risks of Third-Party Access, which covers new alternatives for mitigating the damage potential of third-party-related breaches.

Philip Marshall

As Cryptzone’s Director of Product Marketing, Phil Marshall brings over 14 years of experience in both product and services marketing as well as 10+ years of experience in the high-tech publishing space with publications including Dr. Dobb’s Journal and Byte magazine. Prior to joining Cryptzone, Phil worked at security firms Rapid7, Positive Technologies and RSA. He also was a Senior Product Marketing Manager at Black Duck, the leading open source governance and management firm.

A speaker at recent (ISC)2 conferences and ISACA, he’s participated in numerous webinars, in panel discussions and presented on topics including Identity Security, Application Security and Open Source Governance and Management.

Marshall earned a BA at Bates College and an MBA, cum laude, at the F.W. Olin Graduate School of Business at Babson College.
