Do you know who or what is accessing your network? If your answer is no or you're just making an assumption based on what you "think" is on the network, then how can you guarantee that your data and end-users are safe?
In the old days of wired connections and computer labs, security policies were strict and easy to maintain. You knew what devices you had to support and where they were because you purchased them, and they never moved.
Today, however, with the IoT and the increasing number of mobile devices, both BYOD and corporate-owned, managing and controlling access to your network has grown exponentially in difficulty and importance.
There are many tasks that IT teams and business owners must address, such as:
- Guest Access
- Policy Enforcement
- Threat detection and prevention
- and of course, delivering a reliable user experience
Supporting these points takes a system of products on both the wireless and the wired side. However, before we get too carried away, we need to start with the basics of security, and that's understanding what's on your network.
This means looking at network access control.
In this blog, we'd like to focus on the basics of network access control and what it should do for you.
Defining network access control
Network access control is exactly what it says it is: a security solution that controls access to your network.
To be a bit more detailed, NAC is a solution that integrates with both your wireless and wired infrastructure to identify, assign, and enforce pre-determined rules or policies to manage the access to your network.
Managing access to your network starts with having proper visibility. If you can’t see who or what is accessing your network and where they’re trying to go, then it’s going to be difficult to deliver a reliable and secure wireless experience.
Network access control allows you to identify who, what, where, when and how an end-user or device is accessing your network.
- Who is the end-user and are they a known user inside of your active directory?
- What is the end-user or device (IoT) trying to access on your network?
- Where are they connecting to the Wi-Fi? In their office, the cafeteria, a hotel room, the dorms, etc.
- When are your end-users or IoT devices accessing the network? Knowing this will also give you insights into when they are most active and least active, helping you to distribute bandwidth more efficiently.
- How are your end-users accessing your network (smartphones, laptops, tablets), and what IoT devices/systems are accessing it (security cameras, vending machines, HVAC, scanners, printers, POS systems, etc.)?
Once your NAC system has properly identified who or what (or both) is trying to access your network, it can then assign the correct corresponding role for that user/device or group of users/devices.
This is also known as role-based access control. These assigned roles come with pre-determined sets of policies that control their access on the network.
Here are a couple of examples:
- Student – Has access to learning applications, student specific internal resources and the internet.
- Guests/Customers – No access to internal resources; access is granted only to the internet, social applications (e.g. Instagram), YouTube, and their email.
With pre-determined policies and assigned roles, role-based access control allows you to customize the right wireless experience for each type of end-user/device accessing your network.
In the end, enforcement comes down to creating accurate policies that provide the correct user or device with the access it needs, no matter who, what, where, when and how.
We always say it’s about providing everything your users/devices need, nothing more and nothing less.
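The identify, assign and enforce steps described above can be sketched as a small default-deny policy check. This is an added example, not SecurEdge's or any NAC product's code; the resource names, the camera role, the directory stand-in, the installed locations and the guest hours are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed policy table modeled on the Student and Guest roles above.
# Resource names, the camera role and all values below are assumptions.
ROLE_POLICY = {
    "student": {"learning_apps", "student_resources", "internet"},
    "guest": {"internet", "social_apps", "email"},
    "iot_camera": {"video_recorder"},
}
DIRECTORY = {"alice": "student"}             # stand-in for a directory lookup
CAMERA_LOCATIONS = {"parking_lot", "lobby"}  # where cameras are installed
GUEST_HOURS = range(7, 22)                   # guest Wi-Fi open 07:00-21:59


@dataclass(frozen=True)
class Session:
    user: Optional[str]  # who: authenticated identity, None if anonymous
    device_type: str     # how: "laptop", "smartphone", "camera", ...
    location: str        # where the device connected
    hour: int            # when: local hour, 0-23


def assign_role(s: Session) -> Optional[str]:
    """Identify and assign: return a role, or None for no access."""
    if s.device_type == "camera":
        # A camera profile seen away from an installed location gets no role.
        return "iot_camera" if s.location in CAMERA_LOCATIONS else None
    role = DIRECTORY.get(s.user) if s.user else None
    if role:
        return role
    # Unknown or anonymous users fall back to guest, during guest hours only.
    return "guest" if s.hour in GUEST_HOURS else None


def is_allowed(s: Session, resource: str) -> bool:
    """Enforce: default deny; allow only what the assigned role lists."""
    role = assign_role(s)
    return role is not None and resource in ROLE_POLICY.get(role, set())
```

Because the check is default deny, a session with no role, or a resource missing from the role's list, is refused without needing an explicit block rule.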
Also known as “endpoint integrity”, the process of assigning and enforcing security policies based on those roles allows you to control the behavior of every device trying to access your network, be it a guest's device or an IoT device.
This means making sure your end-users are adhering to your terms of service as well as making sure that viruses aren’t being unintentionally or intentionally spread across your network.
Your security strategy should be a holistic approach that integrates the right components into a dynamic system, starting with knowing who and/or what is on your network.
Network access control is a mission-critical component but it can be complicated to deploy and configure. To be successful you'll need to partner with an experienced and appropriately certified wireless service provider.
At SecurEdge, we provide the platform to simplify networking and deliver a reliable, robust, and secure wireless system—all on subscription. If you have any questions or would like to discuss an upcoming project, please contact us here.