8.1. Hey, It's Me

Three drivers make identity a must-have component of network access control (NAC):

  • Regulatory compliance: Regulations such as HIPAA, Sarbanes-Oxley, and PCI (Payment Card Industry)

  • Resource protection: Protecting your high-value network resources

  • Traffic auditing: Actually seeing what happens in the network traffic

Before you try to create a large, complex NAC deployment, start with identity at the center of your plans. Without a proper definition of user identity, you can't realize the full potential of a NAC-based infrastructure.

NOTE

Before creating a complex NAC deployment, check for internal identity stores that your NAC deployment can leverage, and make a list of those identity stores before you try to create policies. Typically, you have to use several identity stores across your network to define complete policies that cover all users on your network. Identity typically isn't in the realm of your network infrastructure IT groups, and you may have to pull in your authentication IT group(s) to have a successful network access control deployment.

Most networks are built to connect users to resources. In the modern NAC view, both devices and users have identities. These identities can be either

  • A user who has a user name and other information

  • A device that has a location, hardware ID, or other information

Both users and devices have an identity that Network ...
