Considering NAC's expanded uses

* NAC can become a key component of an "identity-aware network"

Those considering NAC and even those who have already bought it might want to consider expanding its use, according to a recent Gartner report.

NAC can become a key component of an "identity-aware network" as defined in the report “Introducing the Identity-Aware Network.”

The definition: “A network that can monitor a user’s behavior by mapping IP addresses to user IDs. Policy enforcement points within the network may be used to control a user’s traffic based on [identity and access management] policies attributed to that user.”

That means a person’s identity as well as the identity of the machine being used are taken into account when determining access rights. And based on that identity, role-based policies can be enforced. An example is allowing HR employees to access salary databases, but denying that access to sales staff.

NAC provides the basics of an identity-aware network because it already takes into account the user’s identity and the machine being used, notes Lawrence Orens, the author of the report. NAC architectures also include policy enforcement points such as inline appliances, switches, proxy servers, VPN gateways, 802.1X switches and access control lists on Layer 3 switches.

The effect on users is that if they are not allowed access to an application, they will never even see it on the network and attempts to access it will be dropped.

Expanding the role of NAC in this way requires the NAC policy server to be able to import role-based policies from directories to expand on NAC’s machine-status access policies.
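A sketch of the decision an enforcement point makes once directory roles are layered on top of NAC's machine-status check, using the HR and sales example above. This is an added Python example, not taken from the Gartner report or any NAC product; the addresses, user IDs, roles and resource names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data (hypothetical names and addresses).
# IP -> (user ID, machine passed the NAC status check), learned at network login.
SESSIONS = {
    "10.0.1.20": ("alice", True),
    "10.0.2.31": ("bob", True),
    "10.0.1.44": ("carol", False),
}
# User -> roles, as imported by the policy server from a directory.
DIRECTORY_ROLES = {"alice": {"hr"}, "bob": {"sales"}, "carol": {"hr"}}
# Resource -> roles allowed to reach it. Anything not listed is denied.
ROLE_POLICY = {"salary-db": {"hr"}, "crm": {"sales", "hr"}}


@dataclass(frozen=True)
class Decision:
    action: str            # "allow" or "drop"
    reason: str
    user: Optional[str] = None


def decide(src_ip: str, resource: str) -> Decision:
    """Default-deny decision based on who is behind the IP and on what machine."""
    session = SESSIONS.get(src_ip)
    if session is None:
        return Decision("drop", "no user mapped to source IP")
    user, machine_ok = session
    if not machine_ok:
        return Decision("drop", "machine failed status check", user)
    if DIRECTORY_ROLES.get(user, set()) & ROLE_POLICY.get(resource, set()):
        return Decision("allow", "role permitted", user)
    return Decision("drop", "role not permitted", user)


def enforce(flows):
    """Decide each (src_ip, resource) flow and return records keyed to a user ID."""
    records = []
    for src_ip, resource in flows:
        d = decide(src_ip, resource)
        records.append((d.user or "unknown", src_ip, resource, d.action, d.reason))
    return records


if __name__ == "__main__":
    for record in enforce([("10.0.1.20", "salary-db"), ("10.0.2.31", "salary-db"),
                           ("10.0.1.44", "salary-db"), ("10.0.9.9", "crm")]):
        print(record)
```

The records returned by `enforce` attribute every flow to a user ID rather than only an IP address, which is the monitoring half of the definition quoted above.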

Orens recommends that businesses ease into identity-aware networking by imposing it on guest access first, then expanding it. And network executives should look for elements of identity-aware networking incorporated in infrastructure they might be refreshing as part of lifecycle upgrades to their networks.

He also suggests integrating NAC technologies with identity and access management products as a means to achieve identity-aware networking.

Copyright © 2009 IDG Communications, Inc.
