Q1: What is NAC Director?
NAC Director is a user-focused, network-based network access
control solution that automates identity management, endpoint
compliance, and usage policy enforcement.
Q2: How is NAC Director different from other NAC products
on the market today?
NAC Director delivers all three components of network access
control – identity management, endpoint compliance, and
usage policy enforcement – regardless of the kind of
network connection (wired, wireless, or VPN). In addition,
the solution works in multi-vendor and multi-platform environments,
allowing organizations to leverage all past and current infrastructure
investments.
Unlike NAC Director and its comprehensive feature set, many
of the NAC offerings on the market today are point solutions
that deliver one or two components of network access control.
Q3: How does NAC Director recognize and manage specific
users and devices?
NAC Director requires all users to register prior to allowing
them access to the network, providing an invaluable tool for
network administration staff. Among other things, the registration
process helps to:
- Control network access for wired, VPN and wireless users
- Assist in tracking all users by location, name or address (MAC
  or IP)
- Provide role-based access and levels of service via dynamic
  VLAN assignment
Implementing a user registration and authentication policy
across the network ensures each device has appropriate ownership
assigned. Each user is required to register their hardware
before gaining access to the network, which provides an added
level of security and control.
Users are prompted for user identification credentials
via a friendly web browser interface. The user is typically
presented with several screens, which they quickly scroll through.
In addition to being prompted for credentials, many administrators
post acceptable use policy information for the user to review
and accept before completing the registration process.
Q4: What type of information does NAC Director collect
about users and devices?
The system gathers comprehensive data on the machine, MAC
and IP addresses, time-of-day, user identity and location to
make intelligent decisions. By effectively associating the
device with the specific user and location, NAC Director makes
intelligent decisions to guard the network. Is the user recognized?
What level of access are they allowed? Are they authorized
to access specific services from their location?
Q5: How does NAC Director handle guests and contractors,
as opposed to employees?
NAC Director uses both persistent and dissolvable agents
during the registration process and to assess endpoint compliance.
Company employees will be required, as part of compliance,
to install the persistent agent on their devices. Guests, contractors
and other third parties will be identified by the system as “unrecognized
users” and will have a dissolvable agent pushed to their
device to establish identity and compliance.
Q6: What type of data does NAC Director check for endpoint
compliance?
NAC Director gathers data on anti-virus and anti-spyware
software and versions, operating systems, required applications
(such as firewalls), and prohibited applications.
Q7: What methods are used to isolate non-compliant
machines?
NAC Director can take a number of different isolation actions,
including:
- VLAN-based isolation provides true network isolation for different
  ports on the same switch. NAC Director can assign one VLAN
  to machines that have not yet been authenticated, another to
  devices known to be compromised, and another to machines that
  are approved for access.
- IP-based isolation is similar, but assigns devices to different
  logical networks. DHCP servers can be used to assign machines
  into the different pre-registration, remediation, or public
  networks.
- Role-based isolation makes access decisions based upon
  identity and specific roles.
A captive portal makes decisions about where to send specific
users and/or devices, determining to which internal or external
networks the host can connect. Whichever internal or external
network the machine can access, all users see the same,
consistent captive gateway, regardless of access process.
Q8: Does NAC Director offer self-remediation for non-compliant
machines?
Yes. If a user’s device is found to be running an
older version of the required anti-virus, for example, they
will be taken to a screen where they are informed of the problem
and prompted to download the latest version. Once that is done,
the system again checks for compliance, and once it returns
a “Success” message, the user is allowed access
to the network.
Q9: What market segments will particularly benefit from
NAC Director?
Any organization with a dispersed network, a large store of
data, and a need to provide anytime, anywhere access while protecting
the network. However, companies in the health care, financial
services, education, insurance and government sectors, as well
as publicly-held companies, have specific challenges that our
solution addresses particularly well.
Q10: Our staff move between wired and wireless connections
constantly. Does this mean that they will need to go through
a lengthy authentication process each time they switch?
NAC Director is connection-independent and ensures a consistent
user experience across connection types (wired to wireless,
for example). A device validated by NAC Director for wired
access does not have to be re-validated if the interface it’s
connecting through differs from the one it used when
it first accessed the network. NAC Director is intelligent
enough to differentiate between a device and a MAC address
and to correlate device information, when necessary, to prevent
duplicate testing. This process minimizes network authentication
while eliminating the unnecessary step of asking users to be
validated again if they switch their connection interface from
wired to wireless.
Q11: What about regulations like SOX, HIPAA or CALEA?
Can I integrate NAC Director with my compliance efforts?
From the network perspective, compliance with these
regulations consists of the following requirements:
- Policies: Documented security policies to prevent intrusion
  and protect private information
- Authentication: Verification that no one is accessing
  data without authorization
- Access Control: Ensuring that only those with the proper
  privileges are accessing systems and data
- Remediation: Timely notification of, and rapid response
  to, security incidents
- Audit: Documentation regarding the use of systems,
  applications, and data
A comprehensive NAC solution, like NAC Director, which
addresses both pre- and post-admission issues and covers policy,
endpoint compliance, and identity, can help organizations effectively
and efficiently address regulatory compliance needs by automating
these processes and providing the appropriate audit and documentation
information.