Network Access Control (NAC) is a computer networking term and set of protocols describing how network nodes are checked and secured before they are allowed onto the network. NAC also integrates an automatic remediation process (fixing non-compliant nodes before granting access) into the network systems, allowing the network infrastructure (routers, switches, firewalls, etc.) to work together with back-office servers and end-user nodes (computers/servers, printers, IP phones, etc.) to ensure the whole information system is operating securely before interoperability is allowed.
Network Access Control (NAC) aims to do exactly what the name implies: control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do.
NAC's roots trace back to the trusted computing movement. In this context, Trusted Computing Group's (TCG) Trusted Network Connect Sub Group (TNC-SG, now the Trusted Network Connect Work Group, TNC-WG) created an open-architecture alternative to proprietary NAC initiatives. TNC-WG aims at enabling network operators to provide endpoint integrity at every network connection, thus enabling interoperability among multi-vendor network endpoints.[1]
It is still a new technology space, and many vendors are taking advantage of this lack of definition to jump on the NAC bandwagon. But in essence, NAC refers to the ability to:
- Enforce security policy and restrict prohibited traffic types
- Identify and contain users or devices that break rules or are noncompliant with policies
- Stop and mitigate zero-day malware and other threats
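The pre-admission posture check, quarantine-and-remediate step and post-admission placement described above can be illustrated with a small policy engine. The following is an added example, not code from the original article or from any NAC vendor or the TNC specifications; the policy thresholds, VLAN names, device roles and the constructed endpoint records are all assumptions chosen for illustration.

```python
"""Toy NAC policy engine (added example, constructed values throughout).

Flow: identify the endpoint -> pre-admission posture check -> admit to a role
VLAN, quarantine with a remediation list, or deny -> post-admission ACL that
controls where each VLAN may go.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Endpoint:
    mac: str
    device_type: str                 # "workstation", "printer" or "ip_phone"
    os_patch_age_days: int           # days since the last OS patch was applied
    av_enabled: bool
    av_signature_age_days: int
    identity: Optional[str] = None   # authenticated user; None for devices with no user


@dataclass
class Decision:
    verdict: str                     # "admit", "remediate" or "deny"
    vlan: str
    remediation: List[str] = field(default_factory=list)


# Assumed policy: thresholds and role-to-VLAN placement (constructed values).
POLICY = {
    "max_patch_age_days": 30,
    "max_av_signature_age_days": 7,
    "roles": {"workstation": "vlan-users",
              "printer": "vlan-printers",
              "ip_phone": "vlan-voice"},
    "quarantine_vlan": "vlan-quarantine",
}

# Post-admission control: destinations each VLAN is allowed to reach (constructed).
# The quarantine VLAN can only reach remediation services, which is what makes
# automatic remediation possible without exposing the rest of the network.
VLAN_ACL: Dict[str, set] = {
    "vlan-users": {"intranet", "internet", "patch-server"},
    "vlan-printers": {"print-server"},
    "vlan-voice": {"call-manager"},
    "vlan-quarantine": {"patch-server", "av-update-server"},
}


def posture_check(ep: Endpoint, policy: dict = POLICY) -> List[str]:
    """Pre-admission check; returns the remediation steps still required."""
    findings: List[str] = []
    # Only agent-capable devices report posture; printers and phones are
    # admitted on identity/role alone, a common NAC compromise.
    if ep.device_type == "workstation":
        if not ep.av_enabled:
            findings.append("enable antivirus")
        elif ep.av_signature_age_days > policy["max_av_signature_age_days"]:
            findings.append("update antivirus signatures")
        if ep.os_patch_age_days > policy["max_patch_age_days"]:
            findings.append("apply OS patches")
    return findings


def admission_decision(ep: Endpoint, policy: dict = POLICY) -> Decision:
    """Decide admission: deny unknown roles, quarantine non-compliant nodes."""
    if ep.device_type not in policy["roles"]:
        return Decision("deny", "none")
    if ep.device_type == "workstation" and ep.identity is None:
        return Decision("deny", "none")          # user devices must authenticate
    findings = posture_check(ep, policy)
    if findings:
        return Decision("remediate", policy["quarantine_vlan"], findings)
    return Decision("admit", policy["roles"][ep.device_type])


def traffic_allowed(vlan: str, destination: str) -> bool:
    """Post-admission control: may a node in this VLAN reach this destination?"""
    return destination in VLAN_ACL.get(vlan, set())


# Constructed sample endpoints (not real devices).
SAMPLE_ENDPOINTS = [
    Endpoint("00:11:22:33:44:01", "workstation", 5, True, 1, identity="alice"),
    Endpoint("00:11:22:33:44:02", "workstation", 45, True, 12, identity="bob"),
    Endpoint("00:11:22:33:44:03", "printer", 0, False, 0),
    Endpoint("00:11:22:33:44:04", "rogue-ap", 0, False, 0),
]


def evaluate_all(endpoints=SAMPLE_ENDPOINTS) -> Dict[str, Decision]:
    """Run the admission decision for every endpoint, keyed by MAC address."""
    return {ep.mac: admission_decision(ep) for ep in endpoints}


if __name__ == "__main__":
    for mac, d in evaluate_all().items():
        print(mac, d.verdict, d.vlan, d.remediation)
```

The two halves mirror the pre-admission and post-admission controls named above: `admission_decision` gates entry on identity and posture, and `traffic_allowed` limits what a node can reach once placed, so a quarantined workstation can only talk to the remediation servers until it is re-checked.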