Challenges of Implementing Network Access Control

Title Challenges of Implementing Network Access Control
Author Angelina Lewis
Course Introduction to Computers and Data Processing
Institution Mt. San Jacinto College


Running head: CHALLENGES OF IMPLEMENTING NETWORK ACCESS CONTROL

Challenges of Implementing Network Access Control (Author’s name) (Institutional Affiliation) (Date)

Introduction

The main aim of Network Access Control (NAC) is to improve and enhance network security. Most significantly, it restricts resource availability and network access to only those devices that are authorized on the organization's IT network. Numerous organizations implement NAC to handle contractor and guest access. Through NAC, organizations can enforce compliance requirements over their resources and data by establishing restrictions. In addition, NAC enables an organization to manage its assets by maintaining an inventory. The purpose of this paper is to introduce a proof of concept (POC), alongside real-life testing, that can be used to implement NAC within an organization. The POC determines the feasibility of the proposed NAC solution. The paper therefore analyzes the considerations, selections, and preferences that go into applying NAC to establish a suitable security posture for an organization. Where applicable, implementation instructions and steps are examined to aid in deploying and successfully replicating the NAC solution.

History of Network Access Control

NAC was originally used as an authentication technology; as computing technology advanced, it came to be used as a security integrator. Presently, Network Access Control has evolved into a comprehensive security automation and orchestration solution. Most importantly, this has been fuelled by the regulatory requirements that most companies currently face, such as PCI DSS, SEC/SOX, and HIPAA, among others. These requirements comprise data protection and restrictions on network access. Organizations need to develop comprehensive security controls over all their network media to secure every possible endpoint, thereby reducing the financial losses incurred when proper security controls are violated. By implementing NAC, an organization can establish adequate security controls over its critical infrastructure and sensitive data, whose compromise would hamper normal operations and the attainment of its objectives. The history of NAC is illustrated in Figure 1 below. The first version, NAC 1.0, was mainly concerned with onboarding devices owned by the organization. The second version, NAC 2.0, was primarily concerned with fortifying network devices while enabling Bring Your Own Device (BYOD). The current NAC platform has evolved to incorporate security automation and orchestration (SA&O), coordinating automated response, control, and endpoint visibility to reduce the reaction time to threats on the organization's network.

Figure 1: Evolution of NAC since its inception, Source: Matthews (2017)

Third-generation NAC can assess device and user identity and analyze a system for vulnerabilities and risks that could affect the normal operation of the network. NAC then enforces access rights according to predefined policies, as illustrated in Figure 2 below. The diagram shows four levels: unrestricted access, restricted access, guest access, and no access. The SA&O tooling continuously verifies the level of risk in a system and adjusts the security level automatically. NAC has thus progressed from an authentication solution to an innovative security integrator. The automation offered by third-generation NAC has been fuelled by the proliferation and growth of IoT and BYOD.

Figure 2: Policies based on Trust on NAC Source: Matthews (2017)
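
The trust-based policy described above can be expressed as a decision function that is re-run whenever an endpoint's risk changes. This is an added example, not code from the paper or from any vendor; the `Endpoint` fields, the 0 to 100 risk scale and the two thresholds are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Access(Enum):
    UNRESTRICTED = "unrestricted access"
    RESTRICTED = "restricted access"
    GUEST = "guest access"
    NONE = "no access"

@dataclass
class Endpoint:
    mac: str
    managed: bool   # device identity found in the asset inventory
    user: str       # "employee", "guest", or "" if nobody authenticated
    risk: int       # 0 (clean) to 100, e.g. from vulnerability scans

RISK_BLOCK, RISK_LIMIT = 80, 40   # assumed thresholds, for illustration only

def decide(ep):
    """Map device identity, user identity and risk to one of the four levels."""
    if ep.risk >= RISK_BLOCK or not ep.user:
        return Access.NONE              # high risk overrides identity
    if ep.user == "guest":
        return Access.GUEST
    if ep.managed and ep.risk < RISK_LIMIT:
        return Access.UNRESTRICTED
    return Access.RESTRICTED            # BYOD or elevated-risk employee

def reevaluate(endpoints, risk_events):
    """Apply (mac, new_risk) events in order and return every level change."""
    level = {mac: decide(ep) for mac, ep in endpoints.items()}
    changes = []
    for mac, risk in risk_events:
        if mac not in endpoints:
            continue                    # event for an endpoint never admitted
        endpoints[mac].risk = risk
        new = decide(endpoints[mac])
        if new is not level[mac]:
            changes.append((mac, level[mac], new))
            level[mac] = new
    return changes

# Constructed sample endpoints (locally administered MACs) and risk feed.
ENDPOINTS = {e.mac: e for e in [
    Endpoint("02:00:00:00:00:01", True, "employee", 10),
    Endpoint("02:00:00:00:00:02", False, "employee", 10),
    Endpoint("02:00:00:00:00:03", False, "guest", 20)]}
EVENTS = [("02:00:00:00:00:01", 55), ("02:00:00:00:00:01", 90),
          ("02:00:00:00:00:01", 5), ("02:00:00:00:00:0f", 70)]
```

Calling `reevaluate(ENDPOINTS, EVENTS)` shows the managed laptop dropping to restricted access, then to no access, and returning to unrestricted access once its risk is remediated.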

Implementation Requirement

The Centre for Internet Security Control (CISC) recommends that organizations actively manage the equipment on their IT network by granting access only to authorized devices. Unmanaged and unauthorized devices are denied access to the organization's systems. In this way, an organization can proactively inventory, track, and correct the hardware on its network (Matthews, 2017). This control is referred to as Control Number 1; it concerns the inventory of authorized and unauthorized devices and can be enforced with network access control (NAC). The requirements for Control Number 1, including the recommended steps, are illustrated in Figure 3 below.

Figure 3: Number 1 Critical security control Source: Matthews (2017)

The requirements for the NAC implementation in the Proof of Concept are as follows:

- The solution should be simple
- Automatic addition of new guests and systems
- Granular regulation control, including enforcement
- Central administration of diverse NAC solutions
- Must be capable of handling VoIP, BYOD, IoT, and printers, among others
- 100 percent survey of all devices used on the network or attempting to initiate a connection to the system
- Establish compliance control of organization-owned IT assets

Vendor

The top vendors assessed in this research are Bradford, Cisco, and Portnox. Each vendor offers a unique approach to Network Access Control and sits in a different quadrant of the Gartner Magic Quadrant shown in Figure 4 below. The Gartner Magic Quadrant categorizes businesses according to their "completeness of vision" together with their ability to execute their proposed solution.

Figure 4: Gartner Magic Quadrant for Network Access Control Source: Matthews (2017)

Portnox

Portnox was established in 2007, and its core business is NAC solutions, operating in EMEA and the United States. Its NAC solution is implemented at the wireless controller and switch level rather than through a supplicant, which means that only a few devices are involved. The core Portnox solution develops a template for every product and matches it to a signature. As such, the solution does not require 802.1X (Andrus, 2012).

Cisco

Cisco supports both device management and authentication with its ISE-based policy server. Cisco ISE comes on two platforms: virtual servers and hardware appliances. Its device profiling capability is updated through the profile feed service. Most significantly, profiling provides endpoint groupings as well as reports of the devices connected to the organization's network (Cisco NAC Solution Data Sheet - 2017). Moreover, the Cisco ISE framework includes pxGrid, which can integrate third-party technologies with Cisco security products. Furthermore, the NAC posture assessment included in the Cisco product covers baseline capabilities.

Bradford Networks

Bradford Networks is a privately owned company based in Boston that has been offering NAC solutions for the past decade. Its premium product is Network Sentry. The hardware contains a RADIUS-based solution that is confined to the network entry point. It offers a solution similar to Portnox's, with one requirement: connections must be established to all switches. Network Sentry also uses Secure Shell version 2 to control and manage access to ports (Andrus, 2012). In addition, the system provides host, network, and alarm summaries that give a rapid overview of the unified environment.

Challenges associated with NAC

Non-authenticating Assets

Current NAC solutions handle non-authenticating assets with profile-based permissions. Notably, the focus of the system is to provide comprehensive network visibility. A lack of comprehensive network visibility allows black-hat hackers to gain access to network devices and components easily (Cisco NAC Solution Data Sheet - 2017). All three vendors, namely Cisco, Portnox, and Bradford Networks, use this technique for non-authenticating assets, establishing different trust levels from data that accumulates automatically. The collected data is compared with the information in the device profiles.

Approach for implementation

Organizations need to review the various strategies that can be applied to implement NAC within their network environment. Depending on its needs and requirements, an organization can use either a phased implementation or a full implementation. The organization also needs to determine key areas before it begins implementing NAC within its systems (Center for Internet Security, 2016). The benefits, drawbacks, and impact of each implementation approach also need to be factored into the approach the organization adopts. The implementation approach recommended by Portnox divides deployment into numerous steps, particularly for its 2.5 version application. The procedure should be adopted for any network regardless of its breadth or size. It is recommended that implementation begin with a representative sample and proceed from there. Cisco and Bradford both recommend that organizations implement NAC systems via a learning mode. With this strategy, the system can rapidly collect all the information contained in the switches (Matthews, 2017). Moreover, the approach allows the organization's different devices to be classified before their data is gathered. The system is then configured from the information collected in this way, establishing the rules for connection.
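
The profile comparison for non-authenticating assets and the learning mode described above can be combined in one routine: observations gathered from switches are matched against device templates, and unmatched devices are only reported until enforcement is switched on. This is an added example, not vendor code or code from the paper; the template fields, MAC prefixes, DHCP class strings and port sets are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    name: str
    oui: str            # expected MAC prefix for this product template
    dhcp_class: str     # expected DHCP vendor class identifier
    ports: frozenset    # TCP ports this device type is expected to expose

# Constructed templates; the prefixes and class strings are placeholders.
PROFILES = [
    Profile("printer", "02:aa:01", "ExamplePrint", frozenset({9100, 631})),
    Profile("voip-phone", "02:aa:02", "ExampleVoice", frozenset({5060})),
]

def classify(obs):
    """Return the profile whose template the observation fully matches, else None."""
    for p in PROFILES:
        if (obs["mac"].lower().startswith(p.oui)
                and obs["dhcp_class"] == p.dhcp_class
                and set(obs["ports"]) <= p.ports):
            return p
    return None

def build_rules(observations, enforce=False):
    """Learning mode (enforce=False) reports unmatched devices instead of denying them."""
    rules = []
    for obs in observations:
        p = classify(obs)
        if p:
            action = f"allow:{p.name}"
        else:
            action = "deny" if enforce else "report-only"
        rules.append((obs["switch_port"], obs["mac"], action))
    return rules

# Constructed observations, as a NAC might gather from switch tables and DHCP.
OBSERVED = [
    {"switch_port": "sw1/3", "mac": "02:AA:01:00:00:10",
     "dhcp_class": "ExamplePrint", "ports": [9100]},
    {"switch_port": "sw1/7", "mac": "02:aa:02:00:00:20",
     "dhcp_class": "ExampleVoice", "ports": [5060]},
    # Carries a printer MAC prefix but exposes SSH and sends no printer DHCP class.
    {"switch_port": "sw2/1", "mac": "02:aa:01:00:00:99",
     "dhcp_class": "", "ports": [22, 9100]},
]
```

Running `build_rules(OBSERVED)` during the learning phase shows which ports would be denied before `enforce=True` is used on the first phase of switches.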

Notably, all three vendors recommend implementing NAC through a phased approach. This approach is suitable because it affects the user base less than a full implementation, which would disrupt the organization's network environment.

Types of NAC technology

There are different types of NAC technology that organizations can choose to implement in their network environment. It is important to compare and contrast appliance, in-line, and out-of-band devices to determine the suitable NAC technology for the network environment (Matthews, 2017). Out-of-band devices operate separately from the network traffic. When the organization's network is overloaded, there is no need to remove an out-of-band device, because it is separated from the network traffic. In-line devices, on the other hand, are NAC tools that sit directly in the path of the network traffic. The benefit of in-line devices is their ability to scan all of the organization's network traffic.

Use and Installation of NAC

The software setup is launched before the pre-configuration step of the NAC system. After the NAC system is installed, the next step is rebooting the application, which is followed by the process of installation. All passwords set for the NAC system are recorded together with the ports that have been used. The installation process is simple and fast. After all of the preceding procedures have been performed, the system is rebooted a second time so that it functions properly (Neiva & Orans, 2017). The most important part of installing the NAC system is specifying the start device and determining the first switch.

In conclusion, the researchers have examined NAC systems by assessing three vendors: Portnox, Bradford, and Cisco ISE. These vendors were analyzed and compared against the NAC and POC implementation requirements examined earlier in the research. According to the analysis performed, the best way to implement NAC without experiencing challenges is a phased implementation approach.

References

Andrus, F. (2012, July 7). Understanding the Difference Between 802.1x and NAC | Bradford Networks. Retrieved from https://www.bradfordnetworks.com/understanding-the-difference-between-8021x-and-nac

Center for Internet Security. (2016, August 31). Retrieved from https://www.cisecurity.org/critical-controls.cfm

Cisco (NAC) Solution Data Sheet - Cisco. (2017, January 23). Retrieved from http://www.cisco.com/c/en/us/products/collateral/security/nac-appliancecleanaccess/product_data_sheet0900aecd802da1b5.html

Matthews, J. (2017). Challenges of Implementing Network Access Control. Retrieved from https://www.sans.org/reading-room/whitepapers/access/challenges-implementingnetwork-access-control-37990

Neiva, C., & Orans, L. (2017, May 9). Market Guide for Network Access Control. Retrieved from https://www.gartner.com/doc/3708117?ref=SiteSearch&sthkw=market%20guide%20for%20network%20access%20control&fnl=search&srcId=1-347892225....

