4.29 Network Access Control (NAC) Deeper Dive

At its simplest, network access control (NAC) is a way to prevent unwanted devices from connecting to a network. Some NAC systems allow for the installation of required software on the end user's device to enforce device compliance with policy prior to connecting.

A high-level example of a NAC system is hotel internet access. Typically, a user connecting to the hotel network is required to acknowledge the acceptable use policy before being allowed to access the Internet. After the user clicks the acknowledge button, the device is connected to the network that enables internet access. Some hotels add an additional layer, requiring the guest to enter a special password or a room number and guest name before access is granted. This prevents abuse by someone who is not a hotel guest and may even help to track network abuse to a particular user.

A slightly more complex scenario is a business that separates employee BYOD devices from corporate-owned devices on the network. If the BYOD device is pre-approved and allowed to connect to the corporate network, the NAC system can validate the device using a hardware address or installed software, checking that the antivirus software and operating system software are up to date before connecting it to the network. Alternatively, if it is a personal device not allowed to connect to the corporate network, it can be redirected to the guest network for internet access without access to the internal corporate resources.
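The BYOD scenario above can be written as a small admission decision. This is an added example, not taken from any NAC product: the MAC lists, the minimum OS build, the signature-age limit and all function names are constructed, and it assumes that corporate-owned devices get the same check and that a known device failing the check is sent to the guest network.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed sample policy values (assumptions, not from any real NAC product).
APPROVED_BYOD_MACS = {"3c:22:fb:10:aa:01"}   # pre-approved BYOD hardware addresses
CORPORATE_MACS = {"00:1a:2b:3c:4d:5e"}       # corporate-owned devices
MIN_OS_BUILD = (10, 0, 19045)                # oldest OS build treated as up to date
MAX_AV_SIGNATURE_AGE_DAYS = 7                # older antivirus definitions fail


@dataclass
class Posture:
    """What the installed software reports about the device."""
    os_build: str
    av_signature_date: date


def normalize_mac(raw: str) -> str:
    """Accept AA-BB-.., aabb.ccdd.eeff or aa:bb:.. and return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def posture_ok(p: Optional[Posture], today: date) -> bool:
    if p is None:                  # fail closed: no report means not compliant
        return False
    try:
        build = tuple(int(x) for x in p.os_build.split("."))
    except ValueError:             # unparseable version string is not compliant
        return False
    age = (today - p.av_signature_date).days
    return build >= MIN_OS_BUILD and 0 <= age <= MAX_AV_SIGNATURE_AGE_DAYS


def assign_network(mac: str, posture: Optional[Posture], today: date) -> str:
    """Return 'corporate' or 'guest' for a connecting device."""
    mac = normalize_mac(mac)
    known = mac in APPROVED_BYOD_MACS or mac in CORPORATE_MACS
    if known and posture_ok(posture, today):
        return "corporate"
    return "guest"                 # internet access only, no internal resources
```

A hardware address can be changed by whoever controls the device, so this sketch requires a passing posture report as well and never admits a device on its MAC alone.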
