Network access control is the process of controlling users' and devices' access to a network. Because of increased employee mobility and the growing number of end-user network-capable devices, tracking and controlling network access has become essential to maintaining data security in corporate networks.

In January, Infonetics Research released the results of a study suggesting a significant growth of the NAC market (an 11-fold increase predicted from 2005 to 2008). The firm's press release describes NAC as follows:

“Network access control, or NAC, is considered the holy grail of network security, as it is an intelligent network infrastructure that can identify users, identify and do integrity checks on the computers they are using, and then grant them access to specific locations and/or resources and set policies based on user and machine identity.”

Tim Greene wrote in Network World at the beginning of May that NAC products would be highly visible at Interop Las Vegas. Greene wrote:

“Infonetics breaks NAC designs into three components: clients that check end devices for compliance, enforcement points that impose policies and back-end servers that dictate policies to the enforcement points. NAC identifies and authenticates users and machines, ensures machines meet security policies, sets policies based on user and machine status, and grants access to specified resources. An Infonetics survey recognizes Cisco's Network Admission Control, Microsoft's Network Access Protection (NAP) and the Trusted Computing Group (TCG) consortium's Trusted Network Connect as the three NAC schemes best known among IT executives.” [links added by me]

Richard Kagan is vice president of marketing at Infoblox, a firm that delivers network infrastructure for any NAC deployment scheme; he recently sent me a brief summary of key issues underlying NAC for network architects and security personnel. The following is a lightly edited version of his comments.

* * *

What NAC solution is best for your organization? Stand-alone security applications? 802.1x? Cisco? Microsoft? End-point security is critically important and must take into account the following requirements:

* Networks are largely operating anonymously, with IT departments having limited awareness or control over how the network is being used or by whom.

M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.