Network Access Control
What is NAC (Network Access Control)?

Controlling access to digital resources is a critical IT security capability for organizations. Network access control (NAC) solutions enable IT to authorize or prevent users and devices from accessing resources on the network. NAC plays an important part in delivering least-privilege access to resources that is foundational to Zero Trust Security strategies.

Technicians using computer in server room.
  • NAC explained
  • Why is NAC important?
  • How does NAC work?
  • What are examples of NAC?
  • How do I select a NAC solution?
NAC explained

NAC explained

Network access controls restrict users and devices from reaching resources based on rules established by IT. Much like door locks and security badges keep intruders from accessing physical organizational resources like buildings and offices, network access controls protect networked digital resources from unauthorized access.

NAC elements

Capabilities

Function

Technologies

Visibility

Knowing who and what is on the network at any given time

Physical or virtual data collectors: active (NMAP, WMI, SNMP, SSH) and passive (SPAN, DHCP, NetFlow/S-Flow/IPFIX) discover methods:AI/ML-assisted device profiling; deep packet inspection

Authentication

Ascertaining with confindence that a user or device is who/what is attests to be

802.1x authentication; EAP-TLD, RADIUS, TAC-ACS; multi-factor authentication; certificates

Policy definition

Defining rules for users and devices regarding resource they can access, and how resources can be accessed

Rule-writting tools, which can include contextul parameters like role, device type, authentication method, device health, traffic patterns, location and time-of-day

Authorization

Determining the appropriate rules for the authenticated used or device

Enforcement

Alloying, denying, or revoking and authenticated user or device's access to a resource based on appropriate policy

Integration and bidirectional communication with firewalls and other security tools

What is NAC used for?

NAC solutions like HPE Aruba Networking ClearPass can address several secure connectivity use cases within organizations:

NAC for guests and temporary workers

ClearPass Guest makes it easy and efficient for receptionists, event coordinators, and other non-IT staff to create temporary network access accounts for any number of guests per day. ClearPass Guest also offers a customized self-registration portal, which allows visitors to create their own credentials that are then stored in ClearPass for pre‑determined amounts of time and can be set to expire automatically.

NAC for bring your own device (BYOD)

ClearPass Onboard automatically configures and provisions mobile devices, enabling them to securely connect to enterprise networks. Workers can self-configure their own devices by following guided registration and connectivity instructions. Unique per-device certificates are applied to ensure that users can securely connect their devices to networks with minimal IT interaction.

NAC for endpoint security posture assessment

ClearPass OnGuard performs endpoint/device posture assessment to ensure security and compliance requirements are met prior to devices connecting to the corporate network, which can help organizations avoid introducing vulnerabilities into their IT environments.

NAC for Internet of Things (IoT) devices

ClearPass Device Insight provides full spectrum visibility of network-connected devices with risk-scoring and machine learning to identify unknown devices and reduce time-to-identification. ClearPass Device Insight also monitors the behavior of traffic flows for added security.
ClearPass Policy Manager profiles devices trying to connect to the network and provides role- and device-based network access based on rules configured by IT.

NAC for wired devices

ClearPass OnConnect provides secure wired access control for devices like printers and VoIP phones that do not authenticate using 802.1x techniques.

Cloud-native NAC

HPE Aruba Networking Central Cloud Auth integrates with common cloud identity stores to deliver seamless cloud-based onboarding and secure role-based policy for users and devices.

Related resources

HPE Aruba Networking ClearPass Policy Manager

Secure your network with policies based on the principles of zero trust security to support hybrid workplace initiatives, IoT devices, and edge computing.

HPE Aruba Networking SSE

Enable seamless and secure access for every user, device, and application from anywhere with Security Service Edge (SSE).

Related topics