1) NAC Is Built on an 802.1X Framework
The 802.1X authorization framework consists of three main components: 1) Supplicant: the endpoint device that asks for access; 2) Authenticator: the gateway used during 802.1X authentication, usually a switch or an access point; and 3) Authentication server: the server that validates the supplicant's credentials, typically a RADIUS server.
All components work together to ensure that only validated users and devices are authorized to access network resources.
2) Device Identity Is Critical
Device fingerprinting gives network administrators visibility into what types of devices are connected to the corporate network and lets them control access for certain types of devices. Endpoint devices can be identified and classified by a variety of methods, including organizationally unique identifier (OUI) matching, DHCP analysis, and HTTP snooping.
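The following added example (not from the original article or from any NAC product) combines the three identification methods named above into one classification and shows two cases a defender has to handle: randomized MAC addresses, which carry no OUI, and signals that disagree with each other. The lookup tables, function names and sample inputs are constructed for illustration; a real deployment would use the IEEE OUI registry and a maintained fingerprint database.

```python
import re

# Constructed sample tables (assumptions for this example only).
OUI_VENDORS = {"b827eb": "Raspberry Pi", "005056": "VMware"}
DHCP_VENDOR_CLASS = [(r"^MSFT ", "windows"), (r"^android-dhcp", "android"),
                     (r"^udhcp", "embedded-linux")]
UA_HINTS = [(r"Windows NT", "windows"), (r"Android", "android"),
            (r"iPhone|iPad", "ios"), (r"Macintosh", "macos")]


def oui_lookup(mac):
    """Return (vendor, randomized) for a MAC address string."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    # Bit 0x02 of the first octet marks a locally administered address,
    # which is what MAC randomization on phones and laptops produces.
    # Such an address has no vendor OUI, so OUI matching must be skipped.
    if int(digits[:2], 16) & 0x02:
        return None, True
    return OUI_VENDORS.get(digits[:6]), False


def first_match(table, value):
    """Return the label of the first pattern that matches value, if any."""
    for pattern, label in table:
        if value and re.search(pattern, value):
            return label
    return None


def classify(mac, dhcp_vendor_class=None, user_agent=None):
    """Combine OUI, DHCP option 60 and HTTP User-Agent into one verdict."""
    vendor, randomized = oui_lookup(mac)
    os_votes = {label for label in (
        first_match(DHCP_VENDOR_CLASS, dhcp_vendor_class),
        first_match(UA_HINTS, user_agent)) if label}
    # All three signals are supplied by the client, so disagreement is
    # reported for review instead of being silently resolved.
    conflict = len(os_votes) > 1
    os_name = next(iter(os_votes)) if len(os_votes) == 1 else None
    return {"vendor": vendor, "randomized_mac": randomized,
            "os": os_name, "conflict": conflict}
```

Because every input here is client-controlled, the result is suited to visibility and policy hints; the `conflict` flag is the part worth alerting on.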
3) We Live in a BYOD World
The bring-your-own-device (BYOD) concept allows employees to access the corporate network with personal devices, such as smartphones and tablets. A BYOD policy dictates which corporate resources can or cannot be accessed when employees connect to the company network with their personal devices. A modern Network Access Control (NAC) solution must provide access based on predefined policies for BYOD endpoints in addition to company-owned devices.
4) Guest Management Is a Key Component
Even if you are not a library, everybody expects free Wi-Fi. Network Access Control (NAC) security requires a means to provide wired or wireless guest access while still protecting the corporate network. Guest management options include social login, captive web portals, self-registration, and employee sponsorship. At a minimum, wireless guest access should require a separate guest SSID, a unique guest VLAN, and a guest firewall policy. Cloud-based guest management solutions simplify all aspects of guest onboarding and monitoring.
5) Cloud-Managed NAC Is the Future
Next-generation Network Access Control (NAC) solutions move access control to the next level with cloud management. A cloud-managed NAC solution scales globally by providing a central point of management for monitoring NAC enforcement nodes at multiple locations. A cloud-managed NAC solution centralizes monitoring and configuration of remote sites, while localized tasks like device authentication and access control enforcement are executed onsite.