Network Control (NAC) is the process of leveraging security protocols such as endpoint monitoring and 身份和访问管理(IAM) 最大限度地控制谁或什么可以访问专有网络.
often, there are systems on a network that simply do not receive the same level of visibility as others. 因此,它们成为a的更容易访问的点 threat actor 破坏网络. 根据Forrester, “security and risk pros need to address problems introduced by a mobile and remote workforce incentivized by cloud integrations. NAC解决方案过去和现在仍然被认为是复杂和昂贵的,难以有效部署.”
显然,每个组织的NAC看起来都不一样. 因此,让我们来看看两种不同类型的过程:
这种类型的NAC网络安全控制确保一个人, system, 或者希望访问网络的设备在实际访问之前被检查出. IAM authentication procedures can be leveraged during this process to ensure no one or thing is granted access to a network that doesn’t have a right to be there.
This type of NAC control essentially “follows” an authenticated user around the network, continuously verifying their credentials to ensure they aren’t admitted to a part or segment of the network they don’t need in order to do their job or complete a task. In this way, 如果一个威胁行为者进入了一个特定的部分, 他们会被隔离在那个区域, 保护大型网络.
你需要NAC,因为有大量的威胁行为者在寻找 brute force - 他们通过低或不受监控的接入点进入网络. Visibility and automation are necessary to be able to cover the large scale of many enterprise networks, NAC解决方案可以在这些领域提供保护.
这种类型的安全解决方案的内在好处包括:
So, how exactly would an NAC solution help to fortify security posture and contain threats? NAC程序的具体功能有很多, 并最终有助于统一认证协议, 端点配置, 以及对企业环境的全面访问.
在为您的特定环境寻找NAC解决方案时, 不过®states “组织应评价下列能力”:
除了这些功能之外, it’s important to remember that compliance – as noted above – is critical and is also a moving target. 为了保持NAC解决方案功能的有效性, it’s a good idea for security practitioners to conduct periodic assessments and audits.
Scheduling regular network assessments and audits can ensure compliance with secure configurations, 密码策略, 以及接入网的控制要求. assessing 网络安全 针对内部构建的基准也可以帮助减轻威胁.
NAC solutions are ubiquitous and they can do different things depending on the specific environment of the security organization looking to leverage its capabilities. 让我们看一下一些更常见的用例.
随着员工将更多的物联网设备带入公司网络, IT团队必须跟上步伐,努力确保他们在网络上安全运行. 自动化这个过程可以简化这个领域的操作, helping to authenticate each device and determine if its reason for accessing the network is valid.
从BYOD趋势开始, it's been an ongoing evolution of how to balance the benefits with the risks that arise from letting your employees and partners use their own devices on the internal or corporate network. Powerful NAC solutions like authentication protocols and multi-step verification technologies have helped to ensure security while these devices are accessing the network.
当涉及到供应商, we’ll assume you’ve thoroughly vetted these partners and entrusted a portion of your business practices and services to their care. This means each of these providers will need at least a degree of access to your corporate network, with network segmentation helping to facilitate that access as well as protecting the network as a whole.
You implement network access control by adhering to some stringent best practices that will help ensure the solution has its best chance to protect the organization.