Network Security
New technologies can expose networks to threats
NAC solutions can help minimize security risks created by unsecure end-users and endpoints.
by Mike Haro
The advancement of technology in the workplace is staggering. New devices and applications like iPods, instant messaging (IM), smart phones, wireless Internet connectivity and remote access are now normal parts of the average workplace. While important business benefits can be seen from many of these technologies, they can expose the entire corporate network to security threats such as malware, spyware, spam, Trojans, viruses, hackers and malicious insiders.
Allowing these endpoints onto the enterprise network exposes a company to a wide variety of security risks that can be costly, not only from the actual cost of fixing the problem, but also regulatory fines and a damaged reputation. To protect against the growing threats to the network, network access control (NAC) solutions provide detection and implementation of security policies to minimize these risks.
NAC solutions can protect the enterprise network, servers and endpoints from the threats posed by end-users and endpoints already on the network, as well as those attempting to access the network. NAC guarantees that users are authenticated and endpoints are compliant with company security and acceptable use policies, both prior to allowing access and while connected to the network.
The identity and basic credentials of network users are checked first. NAC then checks if the endpoint is protected, making sure anti-malware is up to date, firewall protection is enabled, operating system security patches are installed and any prohibited applications, such as file-sharing programs, are identified.
The NAC system also verifies access permissions set by corporate policies to determine where and what type of access will be allowed within the network. IT administrators may be granted access to control areas within a network, while users are only allowed to access assigned data or applications.
The NAC directs non-compliant end-users and unauthorized devices to remediation resources, monitors changes in the security state and network activity of connected endpoints, and quarantines any infected computers to minimize the threat to the network.
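
The admission flow described above (identity first, then endpoint protection checks, then role-based access, with remediation, quarantine and re-checks while connected), as an added sketch that is not from the article or from any vendor's product. The role names, segment names and the prohibited-application entry are constructed for illustration.

```python
from dataclasses import dataclass, field, replace

# Constructed policy values for illustration only.
PROHIBITED_APPS = {"file-sharing-client"}
ROLE_SEGMENTS = {"it-admin": {"control", "data"}, "user": {"data"}}

@dataclass(frozen=True)
class Endpoint:
    user: str
    authenticated: bool
    role: str = "user"
    antimalware_current: bool = True
    firewall_enabled: bool = True
    patches_installed: bool = True
    apps: frozenset = field(default_factory=frozenset)
    infected: bool = False

def posture_failures(ep):
    """Return every endpoint-protection check the endpoint fails."""
    failures = []
    if not ep.antimalware_current:
        failures.append("anti-malware out of date")
    if not ep.firewall_enabled:
        failures.append("firewall disabled")
    if not ep.patches_installed:
        failures.append("OS security patches missing")
    for app in sorted(ep.apps & PROHIBITED_APPS):
        failures.append(f"prohibited application: {app}")
    return failures

def decide(ep):
    """Return (state, reachable_segments, reasons) in the article's order."""
    if not ep.authenticated:                      # identity is checked first
        return "deny", set(), ["authentication failed"]
    if ep.infected:                               # infected hosts are isolated
        return "quarantine", set(), ["infection detected"]
    failures = posture_failures(ep)
    if failures:                                  # minimum access to get fixed
        return "remediate", {"remediation"}, failures
    # Compliant: access is limited to the role; an unknown role gets none.
    return "allow", set(ROLE_SEGMENTS.get(ep.role, set())), []

def reassess(ep, **changes):
    """Re-run the decision after a connected endpoint's state changes."""
    return decide(replace(ep, **changes))

if __name__ == "__main__":
    admin = Endpoint("alice", True, role="it-admin")
    print(decide(admin))
    print(reassess(admin, firewall_enabled=False))
```
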
While there is no single perfect solution for every company or network environment, NAC solutions can be implemented within a security strategy as a standalone solution or integrated with the internal network infrastructure. The needs and resources of small businesses are different from those of larger enterprises, but having a policy-driven security program in place to prevent unauthorized network access and protect the integrity of the network is essential, and can be achieved through a NAC solution.
An effective NAC solution should:
- assess the security state of an endpoint attempting to connect to the network and provide feedback on compliance;
- compare the endpoint's security state to the relevant policy that defines the requirements for network access;
- enable a minimum level of network access for automated remediation or self-remediation of an endpoint to bring it to a state of compliance;
- offer protection against everyone, known and unknown, trying to access the network;
- monitor the security of endpoints already connected to the network;
- enforce network access according to the requirements of the environment; and
- provide effective reporting.
An effective NAC solution should also integrate well with existing network configurations to minimize disruption and cost. The right NAC solution will also support an organization's overall security strategy, while maintaining the ability to create and manage policies underpinning that strategy, as well as the flexibility to accommodate new strategies as they arise.
Mike Haro is a senior security analyst at Sophos, Burlington, Mass.