NETWORK ACCESS CONTROL (NAC)
What is NAC?
- Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define and implement a policy describing how devices are given secure access to network nodes when they first attempt to access the network. NAC can integrate an automatic remediation process (fixing non-compliant nodes before allowing access) into the network systems, allowing network infrastructure such as routers, switches, and firewalls to work together with back-office servers and end-user computing equipment to ensure the information system is operating securely before interoperability is allowed. A basic form of NAC is the 802.1X standard.
- Network Access Control aims to do exactly what the name implies—control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do.
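The two stages described above (a pre-admission posture check with remediation for non-compliant nodes, then post-admission control over where an admitted device can go) can be sketched as follows. This is an added example, not code from any NAC product; the check names, roles and segment names are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed policy: every check name, role and segment below is an assumption.
REQUIRED_CHECKS = {
    "av_running": "start antivirus service",
    "os_patched": "install pending OS updates",
    "firewall_on": "enable host firewall",
}
ROLE_SEGMENTS = {            # post-admission: where each role may go
    "employee": {"intranet", "internet"},
    "guest": {"internet"},
}
REMEDIATION_SEGMENT = "remediation"   # only segment a quarantined node reaches


@dataclass
class Session:
    device: str
    state: str                      # "admitted" | "quarantined" | "denied"
    segments: set = field(default_factory=set)
    remediation: list = field(default_factory=list)


def admit(device, role, posture):
    """Pre-admission check: decide before the device gets network access."""
    if role not in ROLE_SEGMENTS:
        return Session(device, "denied")          # unknown role: fail closed
    # A missing posture attribute counts as a failed check, not a pass.
    failed = [c for c in REQUIRED_CHECKS if posture.get(c) is not True]
    if failed:
        return Session(device, "quarantined", {REMEDIATION_SEGMENT},
                       [REQUIRED_CHECKS[c] for c in failed])
    return Session(device, "admitted", set(ROLE_SEGMENTS[role]))


def may_reach(session, segment):
    """Post-admission control: enforced on every flow, not only at join time."""
    return session.state != "denied" and segment in session.segments


if __name__ == "__main__":
    laptop = admit("laptop-01", "employee",
                   {"av_running": True, "os_patched": False, "firewall_on": True})
    print(laptop.state, laptop.remediation, may_reach(laptop, "intranet"))
    # After remediation the device is re-evaluated rather than trusted.
    laptop = admit("laptop-01", "employee",
                   {"av_running": True, "os_patched": True, "firewall_on": True})
    print(laptop.state, may_reach(laptop, "intranet"))
```

Treating an absent posture attribute as a failure means a device that reports nothing is quarantined rather than admitted by default.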
Why Forescout?
Forescout, which previously scanned network endpoints externally, is introducing client software that checks machines as they try to join networks. Secure Connector is a dissolvable agent that is downloaded to client machines, runs for a given session, and then dissolves. The agent can also be permanently installed on client machines if, for example, they are managed by the customer. Secure Connector interrogates the machines for security posture data, which it forwards to the ForeScout CounterACT NAC platform so that the platform can make a policy decision about whether to admit the machines to the network. The client, which is an .exe file, connects to the CounterACT platform via an SSL connection, making it possible for the agent on remote machines to link in through a corporate firewall.