[Information Security – Cyber Security] Network access management solution (NAC)

Nowadays, many enterprises allow external devices and BOYD devices to connect to critical operating networks. However, a large number of devices and the variety of connected devices bring businesses many challenges in managing security and safety.

Solution Overview:

How to manage which devices are connected and where?
How to know that the connected device meets the security standards?
How to block the connection of an unknown device while maintaining a normal experience for the devices that are allowed to connect?

Due to such challenges, the NAC solution helps automate the inspection of device security compliance and network access permission policies by collecting complete information and device status in real-time. Thereby, it meets the requirements of real-time device connection management and more flexible granular access policies.

NAC takes a simple approach and automates the authorization or blocking of device connections to the network, providing a convenient, simple user experience and minimal IT-assisted calls.

Specially designed with powerful features: visibility (complete device discovery and collection), security and governance, it brings a consistent experience to the users, including user identification throughout the entire network (switch and access point), network port protection, and real-time device security compliance testing. Policies are enforced upon device authentication and are constantly checked in real-time by the device’s status. Therefore, even if the device is authenticated and connected to the network, any device that violates the policy will be immediately disconnected. In addition, if the device is disconnected, the user will receive a message from the screen (via the web page) specifying why the connection is disconnected and the steps to manually re-access the network. Users can do it themselves without IT guidance.

Uses and functions of NAC solutions:

NAC helps automate testing of device security compliance and access policies (based on identity/permission, device type, location, and ownership).
NAC collects real-time insights and compares device contexts to make accurate and immediate policy decisions.
NAC helps to assess the correlation of device information and user identifiers (based on the time and connected network segments) and then share this information with third parties’ security solutions such as Firewalls, Web Firewalls, SIEM… with the aim of managing the device in a consistent, accurate and secure way.

Solution features:

NAC can be integrated into the network according to Layer2/Layer3 or a combination of both.

The features of the solution are as the following:

Port Level Control
Role-Based Access Control
Agentless Device Profiling
Acceptable User Policy (AUP) Enforcement
Custom Policy Builder
Guest and IOT Self Registration
Flexible Network Integration Options
Contextual Intelligence Publishing
Application Usage Policies

RADIUS server – NAC can act as a RADIUS server or act as a proxy to an existing RADIUS server in the system.
Device Remediation (self-remediation) – NAC gives specific instructions for devices that are not complying with any technical standards and how to fix them so that users can do it themselves without the intervention of the IT helpdesk.
Agentless Device Profiling (collect device information without Agent) – collect information about connected devices such as device type, manufacturer, operating system and other attributes.
Register IoT devices – Support to allow registered IoT devices to connect to the network and customize policies so that these devices have the lowest access to limit security vulnerabilities.
Guest User Self-Registration – The web portal supports Guests’ self-registration in a simple and fast way.
24×7 Proactive Monitoring and Technical Support – technical team supports remote administration, daily backup, software upgrade, problem identification and resolution.

Solutions’ Benefits:

NAC provides a simple and effective user experience that helps solve the challenges of businesses in ensuring the security of devices connected to the network. The benefits brought:

Ensure security and clarity in real-time: The solution detects and collects complete information on connected or blocked devices on both wired and wireless networks; Real-time policy enforcement and compliance testing with mobile devices, Windows, and MacOS.
Flexible enforcement policies: The solution supports RADIUS-based policy enforcement without requiring VLAN changes and supports Layer 3 integration that does not require 802.1X authentication.
Convenient, simple user authentication: Support intuitive interface (easy to customize) for Guest, Vendor, and employees to self-register and grant access rights.
Contextual Intelligence: More comprehensive awareness of the device context in the network, sharing information with third-party security solutions such as SIEM, Firewalls, and IPS/IDS to automate the process of ensuring security in the enterprise.
Remote installation, training, deployment and support: Simple deployment solution that can support remote installation and deployment; support proactive monitoring 24×7, daily backup, software upgrade, problem detection and resolution.

Our company always wishes to become a reliable partner and a leading supplier of equipment and solutions for the success of our customers. For more detailed information, please contact:

MITAS Hanoi Technology JSC

Address: 5^th Floor, C’Land Building, No. 81 Le Duc Tho St., My Dinh 2 Ward, Nam Tu Liem Dist., Hanoi, Vietnam

Web: https://mitas.vn | Tel: (+84) 243 8585 111 | Email: sales@mitas.vn

The trust and support of our customers are a driving force and an invaluable asset to our company. We sincerely thank you./.