Network Access Control (NAC)


Network Access Control as a computer networking solution has been around for quite some time and basically uses a set of protocols that control access to the network with various policies.

The base usage of NAC is to limit, deny or allow access of a device to a computer network depending on the defined policy. It basically dictates which users and devices are able to use a specific network, mostly by using IEEE 802.1X protocol, such as EAP-TLS, EAP-PEAP or EAP-MSCHAP.

NAC also allows network administrators to give role-based controls of user, device, application or security post authentication. The main benefit of NAC solutions were to prevent devices that lack certain level of security to access the network and put other computers in the network in risk, define precise policies to allow access to a type of device, computer or user to certain areas of network as well as to give identity and access management by using authenticated user identities rather than standard IP addresses.

The NAC market has grown significantly in the past few years and have evolved accordingly, giving network administrators much more freedom by adding expanded monitoring and reporting, extended system integration and interoperability, advanced threat protection and mitigation and extended endpoint compliance.

Modern NAC solutions also brought several new features including the so-called agentless support, onboarding support, extended policy capabilities, extended guest management, extended profile support, and more.

Some of the well known NAC solutions include, Cisco’s Identity Service Engine, Cryptozone’s Appgate, F5 Networks’ Big IP, Bradford Networks’ Network Sentry and the winner of the SCAwardsEruope 2017, Forescout’s CounterACT, which offers a highly scalable, heterogeneous platform, providing enterprises and agencies with agentless visibility and control of devices and endpoints as they connect.


Previous articleCloud Security – Bringing scalable and efficient security
Next articleIntrusion Detection Systems (IDS), protecting the network
Slobodan Simic is foremost an IT enthusiast who discovered his knack for writing, which lead to becoming both an IT journalist and later an Editor for a number of publications. He has been covering anything from the consumer- and professional-oriented hardware to software markets and networks. With a focus on chasing down leads, making sure that fresh content is ready for publishing, as well as keeping up with the evergrowing and evolving IT world, writing has become more of his passion rather than just a job.