First of all, we need to talk about why it’s so important to better secure your network.
You see, back in the day, company networks were small islands that could only be reached through a cable at the office. Data was mostly stored offline and not essential for outstanding company performance. But today, people inside and outside the office connect to the network through cable, Wi-Fi and VPN. This has tripled the number of endpoints and brought in new security risks, through Wi-Fi in particular.
Moreover, as data is now the most important asset companies have, it causes real problems when stolen or accidentally leaked.
So, there you have it, a cocktail of change:
An additional challenge revolves around the popularity of Bring Your Own Device (BYOD) policies. The rise of BYOD is not surprising, as it results in decreased costs of ownership, fewer helpdesk calls, higher employee satisfaction and more flexibility. However, because of the many different devices that are used inside and outside the office, you as an IT manager lose sight of what happens on all of these Apples, Androids, laptops and tablets. Moreover, it becomes nearly impossible to find an IT security solution that works for all of them.
The problem with most security solutions is that they are reactive. Virus scanners, for example, do tell you when they’ve detected a problem, but can’t prevent the problem from happening. This is where Network Access Control (NAC) comes in. There are different forms of NAC, of which port-based NAC is the most workable and effective one.
NAC is your company’s virtual customs that uses pre-defined rules to check whether the user and his device comply with corporate security policies. It can tell who the user is, whether he uses a laptop, PC or tablet and whether he connects to the company network through cable, Wi-Fi or VPN. Users and devices that are cleared can come in but can only access specific network sections. Thanks to these policies, NAC solutions have the power to prevent problems rather than chasing them.
One of the great things about Network Access Control is that you can use it to compartment your network. Think of your company as a ship. If one of the ship’s compartments gets hit, there’d be damage for sure, but it would be limited to a minimum. You can do the same with your network, which can be divided into several compartments. By compartmenting the applications and systems of your company, you minimise risks, as compartments can’t “infect” other compartments. This principle also helps you to assign different access rights to different people.
For example, you wouldn’t want guests and contractors to access your financial systems, whereas the board should be able to access financial data at all times.
Do you want to know what a NAC solution looks like in real life? Download our case study “NAC put to the test- hurdling in the automotive industry”. It will give you a tour of the most used NAC applications and the way they make access safer and easier.
Many people think that VPN is a safe way to access company data remotely. True, VPNs themselves are quite well protected by their own security software, but that’s not the problem. The problem lies in the connection that VPNs make between an outside device and the company network. They form a direct connection between someone’s (privately owned) laptop and the computer network, bypassing all controls. This is why we recommend not using VPNs for remote workers. In fact, don’t make them part of the network at all! Remote workers should access files and applications through a remote access control solution, not a Network Access Control one.
Let’s zoom in on today’s most used access technology: Wi-Fi. We often call it “scary Wi-Fi” because of the high security risks that come with it. One of the reasons it’s scary is that many companies use WPA2-Personal, which works with a pre-shared key. This key is easily lost, shared with the wrong people or hacked. This is why we recommend going with the more secure WPA2-Enterprise or even WPA3-Enterprise.
The difference with WPA2-Personal lies in the 802.1X protocol. Both WPA2-Enterprise and WPA3-Enterprise use this protocol, where a server certificate is deployed to authenticate the access point and temporary encryption keys (so-called ephemeral keys) are generated per session. Because of this, WPA2-Enterprise and WPA3-Enterprise come with three huge advantages:
Want to know more about IEEE 802.1X authentication? Then download our white paper “Access Control Beyond MAC Address Filtering”, in which we’ll also introduce our NAC solution called NetAttest EPS.
When asked about the most essential asset of a NAC solution, we always say “digital certificates”. When you equip both the client and the server with such a certificate, they must prove their identity to one another before a connection can be made. This, right there, is the essence of a great Network Access Control solution. It helps keep out strangers and uncleared devices, reduces risks through network compartmenting, avoids Man-in-the-Middle attacks and makes it easier for IT managers to guard the virtual company doors.
When you combine the certificate principle with the compartmenting principle, you also minimise the chances that cleared devices and users gain access to the systems they have no business in. This is why NAC helps you minimise risk while preventing issues at the same time. And just as important: it gives IT managers like you more control.
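The combination described above, certificate check first and compartment assignment second, as an added example that is not part of the original article or of any NAC product. The roles, compartment names, flow table and the rule that BYOD devices are kept out of the finance compartment are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical roles and compartments, constructed for this example.
# Each role maps to the one compartment a cleared device is placed in.
ROLE_SEGMENT = {"board": "finance", "employee": "office",
                "contractor": "contractor", "guest": "guest"}
# Directional flows allowed between compartments; anything else is blocked.
ALLOWED_FLOWS = {("finance", "office"), ("finance", "internet"),
                 ("office", "internet"), ("contractor", "internet"),
                 ("guest", "internet")}
MANAGED_ONLY = {"finance"}          # assumption: closed to BYOD devices
NETWORK_MEDIA = {"cable", "wifi"}   # VPN users go through remote access instead


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    device: str            # "laptop", "pc", "tablet", ...
    managed: bool          # company-owned (True) or BYOD (False)
    medium: str            # "cable", "wifi" or "vpn"
    mutual_auth_ok: bool   # client and server certificates both verified


def admit(req):
    """Return (segment, reason); segment is None when access is denied."""
    if req.medium not in NETWORK_MEDIA:
        return None, "medium is not admitted to the network"
    if not req.mutual_auth_ok:
        return None, "certificate check failed"
    segment = ROLE_SEGMENT.get(req.role)
    if segment is None:
        return None, "no rule for this role (default deny)"
    if segment in MANAGED_ONLY and not req.managed:
        return "office", "BYOD device kept out of " + segment
    return segment, "admitted"


def can_reach(req, target):
    """True if the device may open a flow to the target compartment."""
    segment, _ = admit(req)
    if segment is None:
        return False
    return segment == target or (segment, target) in ALLOWED_FLOWS
```

A device that fails the certificate check never receives a compartment, so the flow table is only consulted for cleared devices.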
Do you want to learn about the potential of Network Access Control for your organisation? Then download our free white paper by clicking on the button below. In this white paper, we’ll guide you through all of the NAC aspects and tell you how to implement your own NAC solution.
Today, most companies still work with physical networks. Slowly but surely, however, they’re moving their assets to the Cloud. As the Cloud doesn’t have physical networks, NAC in its current form doesn’t do the trick. This is why remote access solutions are becoming increasingly important. However, we do foresee a hybrid form in which physical networks and Cloud applications are used alongside each other. In this so-called “hybrid Cloud”, applications are available both on premises and in the Cloud. Hence, NAC will remain relevant in the future, only in a different role.