This document discusses network access control (NAC) technology and how it can protect network assets. It defines NAC as processes and technologies designed to prevent unauthorized or vulnerable systems from accessing the network. The document outlines the basic components of NAC, including common terms like authentication, authorization, endpoint integrity checks, and remediation. It also describes the pre-admission assessment process and post-admission capabilities of NAC to continuously monitor endpoints and enforce policies.

1. Who’s Been Accessing YOUR Network?
Using NAC to Cover Your Assets

2. Copyright Trustwave 2008Copyright 2011 Trustwave
Agenda/Contents
• Introduction
• Common Terms
• Basic Components/Capabilities of NAC Technology

3. Copyright Trustwave 2008Copyright 2011 Trustwave
What is NAC?
• Prevent corrupted, unauthorized, or high-risk systems from
gaining network access
• Protect the network and other resources from connected
systems that become corrupted or vulnerable
• Control the level of access based on policies
– Student vs Faculty vs Alumni
– Guest vs Staff
– Anti Virus up to date or not
– Use of File Sharing application
– Gaming devices
– Services running on device
Processes and technologies designed to:

4. Copyright Trustwave 2008Copyright 2011 Trustwave
Threats in a Mobile World
Today,
endpoint
devices
represent the
greatest risk
to network
security — by
propagating
threats or
being
vulnerable to
them.
Infected Devices
Unknown Devices
Out-of-Policy Devices
propagate threats, resulting in
loss of productivity & hours of
cleanup
like home PCs, contractor PCs, & WiFi
phones can introduce new threats or
compromise data security
are more vulnerable to malware
attacks, while running services that
could jeopardize security

5. Copyright Trustwave 2008Copyright 2011 Trustwave
Agenda/Contents
• Introduction
• Common Terms
• Basic Components/Capabilities of NAC Technology

6. Copyright Trustwave 2008Copyright 2011 Trustwave
Common Terms
• Element detection – Detection of new endpoints as they are introduced to
the network
• Authentication (AuthN) – Verification of a user’s identity when accessing the
network (who are you?)
• Authorization (AuthZ) – Determination of which network resources can be
accessed by an authenticated user (what can you do?). Typically defined by
group memberships, roles, etc in existing authorization systems such as Active
Directory, Radius or LDAP servers.

7. Copyright Trustwave 2008Copyright 2011 Trustwave
Common Terms (2)
• Endpoint integrity check – The ability to assess whether a newly introduced
network element complies with the security policy or is vulnerable. These
checks may include the ability to gather knowledge regarding an element’s
operating system, the list of installed patches, the presence of A/V software
and its virus signature’s date, last time scanned, etc.
• Remediation – The process of quarantining an element not complying with
the defined security policy until the issues causing it to be non-compliant are
fixed. When quarantined, the element may be allowed to access a defined set
of remediation servers allowing the user to fix the non-compliant issues.

8. Copyright Trustwave 2008Copyright 2011 Trustwave
Common Terms (3)
• Enforcement – The ability to restrict an endpoint’s access to the network if
the element does not comply with the defined security policy. Options are
typically allow, deny, restrict, and/or some other manipulation of traffic such as
redirection for remediation.
• Pre-Admission Assessment – The process of detecting a new element
connecting to the network, and the ability to verify whether or not it complies
with a defined security policy. If the element does not comply with the defined
security policy, the solution must restrict the element’s access to the network
• Post-Admission Protection – The process of continuously monitoring for and
protecting users, elements and their sessions from suspicious activity (i.e.
worms, viruses, malware, etc) or policy violations.

9. Copyright Trustwave 2008Copyright 2011 Trustwave
Agenda/Contents
• Introduction
• Common Terms
• Basic Components/Capabilities of NAC Technology

10. Copyright Trustwave 2008Copyright 2011 Trustwave
NAC Policy Components
Identity
Endpoint
Compliance
Behavior
Network
Access
Control
Match user identity with each endpoint on the network
Track user behavior
Enforce policy based on user or user groups
Seamless integration with existing credential stores
Analyze every packet from every device
Zero-day threat detection
L2-L7 behavioral policy enforcement
Measure health and compliance status of
every endpoint on the network
Robust reporting tracks all compliance data
Flexible tiered enforcement

11. Copyright Trustwave 2008Copyright 2011 Trustwave
Pre-Admission Assessment Process
• Endpoint detection
• Authentication
• Endpoint integrity check
• Comparison of authentication and integrity check results against a
policy store to determine authorization
• Policy decision passed to enforcement point
• Enforcement of network access (allow, deny, restrict)
• Remediation assistance, if required by policy

12. Copyright Trustwave 2008Copyright 2011 Trustwave
Post-Admission Capabilities
• Post-admission threat detection and protection
– Typically likened to IDS/IPS but with a focus on Day Zero threats
• Continuous Monitoring
• Provide ongoing checks and monitoring for:
– Policy violations
– Change of risk state
• Provide for periodic and/or random pre-admission “re-check”
• Remediation assistance, if required by policy

13. Copyright Trustwave 2008Copyright 2011 Trustwave
• Device & User Authentication
• Endpoint Compliance
• Protection from Suspicious Activity
• Policy Based Access
• Continuous Monitoring
Summary - How NAC Covers Your Assets
15

14. Thank You