Well it is simply who you are to govern & what you are allowed to do on the network.
When all of it’s parts are in place, NAC will be a way to apply a policy for network access across LAN, wireless and VPN infrastructures. The access control policy in NAC can range from simple such as go/no decision on network access or a choice of virtual LANs or it could be as complex as a set of per user firewall rules defining which part of the network are accessible.
Within a NAC deployment, the IT Managers use 3 types of elements to pick an access control policy: authentication, endpoint security assessment and network environmental information.
Authentication is a straight “Who are You” transaction that users are accustomed to with other applications. As a concept, NAC doesn’t have special requirements for authentication.
A good NAC deployment would use the same authentication systems as other applications. For example if you are applying NAC to a remote IPSec VPN tunnel, you should use the same authentication to bring up the IPSec tunnel as you do to authenticate a user.
Endpoint security assessment is the most complex part of selecting a policy in NAC, but it is also the driving factor for deploying NAC in the first place.
The underlying idea is that the security posture of the connecting notebook, desktop or server should be a part of access control policies. For example, if a connecting system does not have the standard corporate anti-virus package, the user should get a different access control policy than if everything is installed and all of the signatures are up to date.
Network environmental information is a small but important part of selecting access policies in a NAC scheme. Environmental information might be circumstantial data about whether you’re connecting via a wireless network or through a VPN, or whether you’re in the building or in another country.
These circumstances play into the decision of what access control policy is assigned to the connecting system.
For example, if you’re coming in on a VPN, you might not be able to get to as many parts of the network as if you were in the building.
NAC is a hot buzzword; therefore, this component-level definition of what NAC is won’t map directly to all NAC products and architectures.
But most products being offered as part of an overall NAC strategy include at least some component, if not all, of this definition.
