not logged in | [Login]
Always use radiusd -X when debugging!
Network Access Control (NAC) aims to do exactly what the name implies: control access to a network. The term NAC is also sometimes used for Network Admission Control, which is focused on authenticating users and performing a posture check on the connecting device. The broader definition of NAC, as access control, includes pre-admission endpoint security policy checks and post-admission controls over where users can go on a network and what they can do.
NAC's roots trace back to the trusted computing movement, and the work of the Trusted Computing Platform Alliance. The TCPA morphed and reappeared as the Trusted Computing Group (TCG). The TCG has created the Trusted Network Connect (TNC) sub group to create an open-architecture alternative to proprietary NAC initiatives. The Trusted Network Connect Sub Group (TNC-SG) aims at enabling network operators to provide endpoint integrity at every network connection, thus enabling interoperability among multi-vendor network endpoints.
It is still an emerging technology space, and many vendors are taking advantage of this lack of definition to jump on the NAC bandwagon. But if we boil down NAC to its essence, we are referring to the ability to:
Alternatively, the Free and Open Source PacketFence project is also a complete NAC product. It leverages FreeRADIUS for AAA over wireless Mac-Auth and 802.1X (aka WPA Enterprise) but also wired Mac-Auth and 802.1X.
Layers of a compelete NAC security deployment
Last edited by Alan T. DeKok, 2011-07-14 11:32:59
Sponsored by Network RADIUS 