Every day we are faced with security measures designed to control user access. Access limitations are imposed every time we enter a secure building, board a plane, or access our email inboxes. Most people don’t like going through access controls because it takes time and it can be cumbersome (like at the airport), but we are willing to cope with it because it makes us feel safer. This is part of the times we live in…

In the IT world, poor access control measures leave networks open to a myriad of malicious programs. The Mobility Revolution and Telecommuting have brought its own share of challenges that we are still learning to cope with; however, just like you don’t let a criminal with bad intentions into your house, IT should ensure that end-user devices possessing a risk to others, and to themselves, are identified and forbidden to access the network until they are corrected or alleviated from such dysfunction.

Cyber attacks may happen from the inside or trusted side of an organization; not necessarily because disgruntled employees; but because their computers may be manipulated or contain Trojan horse programs or their keystrokes are monitored allowing hackers to critical resources.

A piece of technology that can help address the challenges described above and improve overall security standing of an organization is called Network Admission Control (NAC). NAC enforces a security policy before granting end user devices access to a network and also can provide continuous monitoring of the health condition of such devices so that access to the organization resources can be stopped if the device’s health deteriorates over the course of the day.

There are basically three components in the NAC framework:

  1. A Supplicant. This is a piece of software installed on the end user device used to communicate with the Enforcer. Most current Windows devices have this pre-installed.
  2. An Enforcer or Authenticator. It is a device that sits between the end user device that is requesting access and the infrastructure used to perform authentication. Examples include a network switch and wireless access point. It follows direction from the Authentication Server about what to do when end devices request access to the network.
  3. An Authentication Server. A server that communicates with the Enforcer and receives the end user credentials. This server validates such credentials and grants or denies access and notifies the Enforcer of such decision. It also has the capability to indicate to the Enforcer the security measures that should be included in the physical port connecting to the end user device.
  1. This server has the ability to periodically monitor the health condition of the end user device and act upon it accordingly.

Dell PowerConnect and Force10 network switches meet the industry standards to serve as the Enforcer or Authenticator in a Network Admission Control architecture. Organizations aiming for enterprise-grade security and high degree of regulatory compliance should explore NAC for its corporate and remote office locations. Is your network taking the proper steps to prevent user devices from compromising your network security?

 

This blog is part of our IT planning made simple series – Over the next few weeks, Dell’s technologists like Jorge are sharing the latest industry trends and Dell solutions to help maximize your IT investments. Find out the latest IT Trends at Dell.com/business/itplanning