Introduction to Network Admission Control


With the growing use of mobile devices in enterprise networks, the risk of introducing viruses and malware increases. Users are generally given administrative privileges on their mobile devices, which makes it difficult to control the hygiene of those devices. An infected mobile device that authenticates using IEEE 802.1X can spread malware and viruses across the local network if no additional checks are carried out before network-layer access is granted.

Network Admission Control systems exist to help mitigate this kind of security threat.


Mobile devices increase insider threats

Network clients that give users administrative privileges represent a security risk: the user may, consciously or not, use the device in a manner that violates the security policies.

If security software such as the firewall or antivirus is disabled, the device becomes a target for threats such as viruses and worms. Once infected, a mobile device connected from within the enterprise network will spread the virus or worm to other network devices.


Network Admission Control

A Network Admission Control (NAC) solution takes charge of validating the security policy on network devices before granting network connectivity. A typical NAC solution is composed of three main


Policy Management Server

NAC solutions include a dedicated policy management server with a management interface for defining and administering security configuration requirements and for specifying the access control actions (for example, allow or quarantine) for compliant and noncompliant endpoints.


Baseline Assessment

The baseline determines the security state of an endpoint that is attempting a network connection (LAN or virtual private network [VPN]) so that a decision can be made about the level of access that will be allowed. Baselining must include the ability to assess policy compliance (for example, up-to-date patches and antivirus signatures) and may include the ability to detect installed malware. Various technologies may be used for the baseline function, including agentless solutions (such as vulnerability assessment scans), dynamic agents and persistent agents.


Access control

NAC solutions include the ability to quarantine or grant full or limited access to an endpoint. Enforcement is accomplished by the network infrastructure (for example, via 802.1X or via port-based reconfiguration) or via the NAC solution (for example, dropping/filtering packets).
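To make the three components concrete, here is a small posture-policy evaluator written for this page (added example, not code from any NAC product): a policy held by the management server, a baseline assessment that lists violations such as missing patches, stale antivirus signatures or a disabled firewall, and an access-control step that maps the result to allow, limited or quarantine. The patch identifiers, thresholds and endpoint reports are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import date

# Requirements the policy management server would hold (constructed placeholder values).
POLICY = {
    "required_patches": {"KB-1001", "KB-1002"},
    "max_av_signature_age_days": 7,
    "require_firewall": True,
    "require_antivirus_running": True,
}

@dataclass
class Posture:
    """Posture report an agent (or an agentless scan) collects from one endpoint."""
    host: str
    installed_patches: set
    av_running: bool
    av_signature_date: str   # ISO date of the last antivirus signature update
    firewall_enabled: bool

def assess(posture: Posture, policy: dict, today: str) -> list:
    """Baseline assessment: list every policy violation (empty list = compliant)."""
    violations = []
    missing = policy["required_patches"] - posture.installed_patches
    if missing:
        violations.append(f"missing patches: {sorted(missing)}")
    if policy["require_antivirus_running"] and not posture.av_running:
        violations.append("antivirus not running")
    sig_age = (date.fromisoformat(today) - date.fromisoformat(posture.av_signature_date)).days
    if sig_age > policy["max_av_signature_age_days"]:
        violations.append(f"antivirus signatures {sig_age} days old")
    if policy["require_firewall"] and not posture.firewall_enabled:
        violations.append("host firewall disabled")
    return violations

def decide(violations: list) -> str:
    """Access control: disabled protection software means the endpoint may already be
    infected, so it is quarantined; stale patches or signatures get limited access."""
    if not violations:
        return "allow"
    high_risk = {"antivirus not running", "host firewall disabled"}
    if high_risk & set(violations):
        return "quarantine"
    return "limited"

def admit(posture: Posture, today: str, policy: dict = POLICY) -> tuple:
    """Full NAC decision for one endpoint: (action, violations)."""
    violations = assess(posture, policy, today)
    return decide(violations), violations
```

In a real deployment the "limited" action would typically be a remediation VLAN or ACL pushed through 802.1X, while "quarantine" isolates the endpoint until an administrator intervenes.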


Who are the main actors and how do they compare


Links



Labels: Wireless Internet Security Coding Network Monitoring
