10.1. NAC-Like Functionality in Non-NAC Technologies

With LAN-based NAC/NAP solutions, the assessment of devices occurs as they attempt to gain access to the LAN — and sometimes at intervals after that. When machines come onto the LAN, they do so by physically coming back to the office or using a VPN to connect. Many VPN appliances have the capability to check the security posture of devices as they VPN back into the corporate network. If the security posture is deficient, access can be prohibited or limited. Clearly, this is performing a component of NAC/NAP functionality.

This type of functionality exists in the two primary types of VPN appliances:

  • IPSec VPN

  • SSL VPN

For some companies, implementing a full-blown NAC/NAP solution isn't in their immediate future. At the same time, they may recognize that mobile systems pose a serious threat to their LAN and would like to take advantage of a technology to assist with this problem. This is a perfect example of where existing technologies such as VPN devices can add NAC-like functionality.
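The posture check described above, sketched as an added example (not code from the book or from any VPN vendor): a client's posture report is mapped to full, limited, or no access, and is rechecked at intervals. The field names, thresholds, and the split between blocking and fixable findings are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Access(Enum):
    FULL = "full"
    LIMITED = "limited"   # e.g. remediation resources only
    DENIED = "denied"


@dataclass(frozen=True)
class Posture:
    """Posture report sent by the VPN client (field names are hypothetical)."""
    firewall_enabled: bool
    av_running: bool
    av_signature_age_days: int
    missing_critical_patches: int


# Constructed policy values, not taken from any vendor's defaults.
MAX_SIGNATURE_AGE_DAYS = 7
REASSESS_AFTER_SECONDS = 15 * 60


def evaluate(p: Posture) -> tuple[Access, list[str]]:
    """Return the access decision plus the findings that drove it."""
    blocking, fixable = [], []
    if not p.firewall_enabled:
        blocking.append("host firewall disabled")
    if not p.av_running:
        blocking.append("antivirus not running")
    elif p.av_signature_age_days > MAX_SIGNATURE_AGE_DAYS:
        fixable.append(f"antivirus signatures {p.av_signature_age_days} days old")
    if p.missing_critical_patches > 0:
        fixable.append(f"{p.missing_critical_patches} critical patches missing")
    if blocking:
        return Access.DENIED, blocking + fixable
    if fixable:
        return Access.LIMITED, fixable
    return Access.FULL, []


def needs_reassessment(last_check: float, now: float) -> bool:
    """Posture is rechecked at intervals, not only at tunnel setup."""
    return now - last_check >= REASSESS_AFTER_SECONDS
```

Returning the findings alongside the decision lets the gateway log why a session was limited and tell the user what to remediate.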

10.1.1. NAC Functionality in IPSec VPN

When mobile systems attempt to create a VPN back to the corporate network with their IPSec VPN clients, there are security advantages to assessing those clients before full access is allowed. While many IPSec VPN devices can perform this functionality, let's focus on Nortel's VPN solution.

A while back, Nortel introduced its Tunnel Guard functionality to its VPN devices. Tunnel Guard is an application ...
