Building the Right Foundation for Network Access Control (NAC)
By Richard Kagan, VP Marketing - Infoblox
With a dizzying number of network access control (NAC) and endpoint security vendors and solutions confronting you every day, it's hard to know where to start. Every vendor seems to have its own definition of NAC and a solution that fits that definition perfectly. Not surprisingly, questions abound: Which approach - Cisco NAC, Microsoft Network Access Protection (NAP), 802.1x, stand-alone security applications and/or appliances - makes the most sense? What are the benefits and drawbacks of each? Is it possible to achieve network access control and increase security without breaking the bank or overhauling the entire network infrastructure?
So, let's start at the beginning - what is NAC? According to Lawrence Orans, an analyst at the leading industry research firm Gartner Group, Network Access Control (NAC) is the process for controlling an endpoint's ability to access the network. The only endpoints that should be able to access the network are those that meet specific security policies established by an organization (e.g., up-to-date AV signatures, OS patches, etc.). This definition fits many vendors' solutions; others go further, expanding the definition of NAC to include functionality that occurs after network access is granted (or denied), such as implementing role-based access to particular network resources, mitigating threats, and supporting compliance reporting.
While NAC solutions are still evolving and the pros and cons of the various approaches are still debated, several fundamental realities exist. First, networks today operate anonymously. With increasing regulatory compliance pressures and security concerns, organizations must establish an identity-driven network (IDN), and this requires the ability to control which users and devices have access to particular network resources and to make that information visible and actionable. Second, all NAC solutions require interactions among a number of components from multiple vendors, including the network infrastructure (e.g., routers and switches) and other systems that store policies, scan endpoints, provide remediation, mitigate threats, and the like. Third, all NAC solutions depend on robust network identity services, especially Dynamic Host Configuration Protocol (DHCP) services.
DHCP is a Foundation for any NAC Solution
DHCP is the method used in essentially all IP networks for automatically assigning the IP address (and other parameters such as DNS server and gateway addresses) to networked devices. Since acquiring an address is the first step before any device can access an IP network, DHCP necessarily plays a role in all NAC implementations. In anonymous networks, which is to say in most of today's networks, DHCP operates "promiscuously," providing IP addresses to all devices that request them. A key function of most NAC solutions, therefore, is to link the DHCP server to the network infrastructure and other systems so that devices and users can be validated before access is granted.
While it isn't clear which NAC solutions will become dominant (if any), it is clear that all of them will require a robust DHCP infrastructure. Most organizations will need to upgrade or select a new DHCP solution anyway, since most legacy systems cannot meet the growing demands of today's mobile workforce and advanced applications like VoIP and wireless. When doing so, be sure to consider the following requirements, so that when you are ready to deploy a NAC solution you already have the essential DHCP foundation to support it:
- Supports basic device and user authentication out-of-the-box
- Provides out-of-the-box integration with client-based and clientless endpoint scanning systems, remediation systems and threat mitigation systems
- Links users, device (MAC) addresses, IP addresses and host names
- Compatible with all vendors' networking equipment (switches, routers, etc.)
- Uses existing directory stores and user credentials without additional provisioning
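The difference between a "promiscuous" DHCP server and one that validates devices before granting a lease, and the user/MAC/IP/hostname linkage the checklist above asks for, can be seen in a small policy model. The following is an added, constructed example and not Infoblox's product code or any real DHCP server implementation: the address pools, MAC addresses, user names and the `Registration`/`DhcpPolicy` classes are all invented for illustration. Unregistered or non-compliant devices are parked in a quarantine scope (the kind of segment a registration portal would live on) rather than simply refused, and every lease decision produces an audit record tying the address to a device and, where known, a user.

```python
# Constructed example: a toy DHCP policy engine contrasting "promiscuous"
# address assignment (anyone who asks gets a production address) with
# "authenticated" assignment (only registered, compliant devices do; all
# others land in a quarantine scope). Pools, MACs and names are invented.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PRODUCTION_POOL: List[str] = ["10.1.0.10", "10.1.0.11", "10.1.0.12"]
QUARANTINE_POOL: List[str] = ["10.99.0.10", "10.99.0.11", "10.99.0.12"]


@dataclass(frozen=True)
class Registration:
    """What the portal/directory knows about a device once its user has logged in."""
    user: str
    hostname: str
    compliant: bool  # outcome of the endpoint scan (AV current, OS patched)


@dataclass(frozen=True)
class Lease:
    mac: str
    ip: str
    scope: str                  # "production" or "quarantine"
    user: Optional[str] = None  # None when the device has never registered
    hostname: Optional[str] = None


class DhcpPolicy:
    def __init__(self, registry: Dict[str, Registration], authenticated: bool = True):
        self.registry: Dict[str, Registration] = {m.lower(): r for m, r in registry.items()}
        self.authenticated = authenticated
        self.leases: Dict[str, Lease] = {}
        self._free = {"production": list(PRODUCTION_POOL),
                      "quarantine": list(QUARANTINE_POOL)}

    def _allocate(self, scope: str) -> str:
        pool = self._free[scope]
        if not pool:
            raise RuntimeError(f"{scope} pool exhausted")
        return pool.pop(0)

    def _desired_scope(self, mac: str) -> Tuple[str, Optional[Registration]]:
        """Decide which scope a requester belongs in under the current mode."""
        if not self.authenticated:          # promiscuous: no questions asked
            return "production", None
        reg = self.registry.get(mac)
        if reg is None or not reg.compliant:
            return "quarantine", reg        # unknown or failed scan: portal/remediation only
        return "production", reg

    def handle_discover(self, mac: str) -> Lease:
        """Answer a DISCOVER/renewal; re-evaluates policy so remediated hosts move scopes."""
        mac = mac.lower()
        scope, reg = self._desired_scope(mac)
        existing = self.leases.get(mac)
        if existing is not None and existing.scope == scope:
            return existing                 # same verdict as before: keep the binding
        if existing is not None:
            self._free[existing.scope].append(existing.ip)  # release the old address
        lease = Lease(mac=mac, ip=self._allocate(scope), scope=scope,
                      user=reg.user if reg else None,
                      hostname=reg.hostname if reg else None)
        self.leases[mac] = lease
        return lease

    def register(self, mac: str, user: str, hostname: str, compliant: bool) -> None:
        """Called by the portal after a successful login plus endpoint scan."""
        self.registry[mac.lower()] = Registration(user, hostname, compliant)

    def audit_records(self) -> List[str]:
        """One line per lease linking IP, MAC, hostname, user and scope."""
        return [f"{l.ip} {l.mac} {l.hostname or '-'} {l.user or '-'} {l.scope}"
                for l in self.leases.values()]


if __name__ == "__main__":
    policy = DhcpPolicy({"aa:bb:cc:00:00:02": Registration("alice", "alice-laptop", True)})
    policy.handle_discover("aa:bb:cc:00:00:02")   # registered and compliant
    policy.handle_discover("aa:bb:cc:00:00:04")   # never seen: quarantined
    policy.register("aa:bb:cc:00:00:04", "carol", "carol-phone", True)
    policy.handle_discover("aa:bb:cc:00:00:04")   # renewal after portal login
    print("\n".join(policy.audit_records()))
```

The point of re-evaluating policy on every request rather than caching the first verdict is that a host which finishes remediation or completes portal registration is moved into the production scope on its next renewal without any manual intervention, while a host that falls out of compliance is moved the other way.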
The Infoblox Authenticated DHCP solution provides network administrators with a simple but powerful tool to assist in the registration and authentication of users in a networked environment. The solution uses a customizable Web-based portal to require user authentication before a DHCP lease is granted, with nonstop DNS/DHCP services delivered via Infoblox's revolutionary network identity appliances. Infoblox's Authenticated DHCP solution can be an essential stepping stone to NAC without requiring significant network changes, costly upgrades or client installations.
Take the First Step Towards an Identity-Driven Future Now
To learn more about the essential role DHCP plays in establishing an identity-driven network without getting wrapped up in which NAC solution will "win the race" in the end, visit the Infoblox Web site: http://www.infoblox.com/solutions/auth-dhcp.cfm.