4.1. The Security Reasons for LAN-Based NAC

There are quite a few LAN-based NAC/NAP solutions in the marketplace today. Regardless of their differences, they are designed to protect against various threats to the corporate LAN. These threats can be placed into two broad categories:

  • Unintentional threats

  • Intentional threats

By far, the biggest reason I hear from companies for seeking a LAN-based NAC/NAP solution is unintentional threats. Unintentional threats are just that: unintentional. The user of the device acts in good conscience and doesn't knowingly do anything bad to adversely affect systems and data on the LAN. The companies I talk to specifically mention that they don't want an infected laptop from an outside vendor, contractor, and so on infecting their LAN. I don't think I can recall a situation where that exact scenario wasn't named as the key reason (or one of the key reasons) why the company was looking to LAN-based NAC.

While this is a valid concern, I don't know that I would consider that unintentional threat the biggest risk. Personally, I would say the biggest threat comes from the intentional threat.

The intentional threat comes from the device being controlled by a person who is actively trying to exploit the systems and data on the LAN to which they are connected. They can try to sniff data and passwords and also try to break into systems that are on the LAN. They can also create Denial of Service attacks and wreak all other ...
