On GameSpot: Black Wii Remote, Nunchuk hit US Nov. 16
BNET Business Network:
BNET
TechRepublic
ZDNet

Talkback

Add your opinion
advertisement

From our video sponsors

advertisement
What is NAC?

Internal threats to a network are even more prevalent than external ones. Simon Khalaf of Vernier Networks explains how the five phases of NAC, or Network Access Control, can prevent such attacks.

I'm Simon Khalaf, the CEO of Vernier Networks, and today I want to talk to you about what is NAC. NAC, network access control, is a security technology that blocks unauthorized access to IT resources from inside the network.

We've heard a lot about external threats, but today what people are concerned about is the insider threat to the network, and that's what NAC addresses. This summer, we conducted a survey and we found that 53 percent of organizations are considering deploying NAC next year.

This is not surprising, given that studies by Gartner, the FBI and the Computer Security Institute found that 75 percent of all threats are coming from inside the network, and that amounts to 150 billion dollars in security losses. So today, we're going to go over the five phases of NAC.

The first phase of NAC is the authentication phase, which is what NAC Solutions use to identify a laptop or a person connecting to the network, getting its identity. Is it that of a contractor, guest or employee? That's what's the authentication phase determines.

The second phase of NAC is the validation phase, which is the technology NAC solutions use to see what's on the desktop. Does it have the latest antivirus software? Is the personal firewall turned on? Are the latest OS patches deployed? That's what's done in the validation phase.

Based on the identity of the person and the security posture of the device, we go to the authorization phase of NAC, which decides what rights you have on the network, which is where you can go on the network based on your identity and what you have on the device.

After that, when the device is on the network, we go to a very important phase of NAC, which is the inspection phase, which is looking at the traffic generated from the device and making sure it stays compliant. If it starts sending spyware or worms, then it automatically goes into the fifth stage of NAC, the quarantine and remediation phase, which is a stage you get to if you're not compliant from the beginning, or you become un-compliant during any work you do on the network.

So, what is NAC? It's the five phases: authentication, validation, authorization, inspection, quarantine and remediation. Essentially, it's the security technology used to block unauthorized access to IT resources from inside the network.