Guide To Network Access Control (NAC)

The same way that access control for a building keeps unauthorized visitors out of secure physical areas, network access control (NAC) keeps unauthorized virtual visitors out of your computer network. A sophisticated physical access control system can monitor and permit certain people into certain areas, using RFID badges, biometrics, and gateways. A NAC can do the same thing by assigning permissions to specific users and limiting access on the network based on those permissions.

Most businesses should make use of NAC at a basic level: restrict access to your private network by requiring a username and password. You may need to provide a guest network for visitors to access the internet, but the private network only stays that way if you rely on credentialled access.

For businesses that handle sensitive data or need to protect certain areas within the network, NAC allows you manage permissions for specific users and monitor unauthorized access attempts.

Properly managed NAC is your primary line of defense against hackers, data breaches, and liability in the case of a data leak. As the number of internet connected devices balloons, the importance of NAC grows too. May internet-of-things devices lack robust security firmware and can leave your network vulnerable. Likewise, if you permit every smartphone that comes in range of your wifi signal to connect, you greatly increase the likelihood that you’ll experience a cyberattack.

The two main types of NAC can be thought of as the “front door” and “every door after that.”

This is the front door to your network. If a user lacks the proper credentials, they can’t connect to your network — permission denied. This type of NAC requires a username and password to gain access.

This is every door after the front door. Once a users connect to your network, you may set up additional authorization points and if the user lacks permissions for a given area, they won’t get in, even if they use the proper credentials.

User permissions should be maintained in your database and updated every time an employees is hired, fired, or changes roles within the company.

Here are some of the scenarios where access control is important:

Your NAC should be able to identify users or devices that have been compromised or have gained unauthorized access. The NAC can lock out the device or user and prevent the attack from spreading to the rest of the network.

Internet-capable devices have proliferated in the past decade. Not just smartphones, but many different types, including smart speakers and tools or sensors designed to communicate with a central server. Often these devices lack proper security controls (think of the classic User: “admin”, password: “admin” problem seen on most home routers). If the most common point of entry to your network is the “front door,” IoT devices are “windows” that can allow unauthorized access.

NAC can help you identify devices and implement proper security protocols to keep your network safe.

It’s safe to say that nearly every employee and visitor to your facility will be carrying a smartphone of some kind. If you don’t use NAC to keep all the extra devices restricted to a predefined part of your network, you’ll regret it. Either the excess traffic will bog down the network you need to operate your business or attackers will gain access and wreak havoc.

Unless your facility is locked down from any outside visitors, odds are that you’ll need to maintain a guest network. NAC can allow guests to easily access the internet and conduct important tasks while visiting — consider patients or visitors at a hospital: they may need internet access to communicate with friends and family, but they must be isolated from any system that handles confidential data.

Continuing with the hospital security theme, medical devices often require a network connection to feed data to the central monitoring hub or nurse station. Many hospitals are upgrading to devices that lack a local information readout at all — everything gets sent to diagnostic hub or a readout device. This kind of connectivity requires a comprehensive NAC to comply with HIPAA and protect patient data.

NAC solutions range from simple to extremely sophisticated. If you don’t already have a NAC system in place, you should evaluate the needs of your organization before you choose a solution.

Do you have any NAC in place currently? Does it successful protect your sensitive data and internal networks? Do you have the staff in place to implement a more complex system and keep it up to date? A security system or tool that you don’t use properly is only slightly better than no system at all.

Identify what aspects of your operation that need to be protected from unauthorizaed access. Consider the types of work that your employees do and the types of access they need to do that work efficiently. Do you have contractors or outside vendors that need regular access? Who is responsible for adding and removing users or devices from the NAC? If your internal IT team is already stretched thin, you should consider an IT consultancy that can help audit your network and make recommendations about your needs.

Sophistication and expense tend to walk hand-in-hand. There may be low cost solutions that you can implement that will provide adequate protection without all the bells and whistles of a top-shelf system.

What types of tools and software platforms do you rely on day-to-day? If you choose a NAC solution that won’t integrate with those tools, you’re back to square one.

i.e.Smart Systems is a Houston, TX based technology integration partner that specializes in design and installation of audio/visual technology and structured cabling. For more than three decades, our team of in-house experts has partnered with business owners, architectural firms, general contractors, construction managers, real estate developers, and designers in the Houston market, to deliver reliable, scalable solutions that align with their unique goals.