• DocumentCode
    1905447
  • Title

    Network access control (NAC): An open source analysis of architectures and requirements

  • Author

    Serrao, Gloria J.

  • Author_Institution
    Senior Tech. Dev. Program, Nat. Security Agency (NSA), Fort Meade, MD, USA
  • fYear
    2010
  • fDate
    5-8 Oct. 2010
  • Firstpage
    94
  • Lastpage
    102
  • Abstract
    The main goal of NAC is to extend the security of networks to the end-point by measuring the authenticity, integrity and security posture of each end-point prior to granting network access. To do this, the following functional areas must be present: authentication/authorization, assessment of security posture, quarantine and remediation. This paper presents an overview of an in-depth NAC requirement analysis performed against three NAC products based entirely on open source literature. The emphasis of the analysis was to define functional and security gaps across all products and make recommendations to improve the overall security and interoperability of NAC products. This paper identifies: 1) Key design and implementation choices that are required based on stakeholder requirements; 2) Areas where NAC does not meet stakeholder(s) requirements; 3) Areas that have not been adequately defined for implementation; 4) Recommendations to improve the security posture of NAC products. An analysis of each product is performed in the following areas: 1) System Administrator Interface and Policy Settings; 2) Authentication; 3) Integrity Measures; 4) Remediation; 5) Security; 6) Functional; 7) Non-Functional. This analysis and research of NAC led to seven general recommendations for improving the security of NAC products and four recommendations for deploying and implementing them.
  • Keywords
    authorisation; computer network security; open systems; NAC products; endpoint security; interoperability; network access control; network security; open source analysis; Access control; Authentication; Computer architecture; Protocols; Servers; Software; Authentication; Integrity; Network Access Control; Trusted Computing Group (TCG); Trusted Network Connect (TNC);
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Security Technology (ICCST), 2010 IEEE International Carnahan Conference on
  • Conference_Location
    San Jose, CA
  • ISSN
    1071-6572
  • Print_ISBN
    978-1-4244-7403-5
  • Type

    conf

  • DOI
    10.1109/CCST.2010.5678694
  • Filename
    5678694