2.8. Insider Access and Threats

After you have a NAC solution in place, you can begin to address a growing problem that sometimes seems rampant — insider access and threats.

An insider is a trusted network user who has a managed device. The user is authenticated, his or her device meets policy, he or she is authorized to be on the corporate network, and all necessary and required processes have checked him or her — all of which ensure and validate trust in the user and his or her device.

Then, it happens: The user or their device begins to snoop on internal data, accessing servers, files, and folders that he or she isn't authorized to access, and the user can begin removing sensitive data or transferring it from the network.

How can a company stop such an insider threat scenario from playing out, even though the user is trusted, and his or her device clears policy?

If your company effectively segments your network using your NAC solution, alone or in concert with network enforcement points, you can ensure that even trusted users can gain access to only the servers and data to which they have approved access. If a trusted user attempts to access a server or data to which he or she doesn't have approved access, the NAC solution — alone or via enforcement points — can deny him or her access.

For example, say that the NAC solution has granted a user access rights to the engineering servers, but she attempts to access the finance server. If you have a NAC solution, the solution ...
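The engineering and finance scenario above can be sketched as a default-deny, per-segment access decision. This is an added example, not code from the book or from any NAC product; the subnets, role names, and the `Session`, `decide`, and `denied_attempts` names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed segments and role grants (assumptions, not from the book).
SEGMENTS = {
    "engineering": ipaddress.ip_network("10.10.0.0/24"),
    "finance": ipaddress.ip_network("10.20.0.0/24"),
}
ROLE_SEGMENTS = {"engineer": {"engineering"}, "accountant": {"finance"}}

@dataclass(frozen=True)
class Session:
    user: str
    role: str
    authenticated: bool
    device_compliant: bool

def segment_of(dst_ip):
    """Map a destination address to its named segment, or None."""
    addr = ipaddress.ip_address(dst_ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def decide(session, dst_ip):
    """Return (allowed, reason). Anything not explicitly approved is denied."""
    # Admission checks: the user is authenticated and the device meets policy.
    if not (session.authenticated and session.device_compliant):
        return False, "admission checks failed"
    seg = segment_of(dst_ip)
    if seg is None:
        return False, "destination not in any approved segment"
    # Passing admission is not enough: the role must be approved for the segment.
    if seg not in ROLE_SEGMENTS.get(session.role, set()):
        return False, f"role '{session.role}' not approved for segment '{seg}'"
    return True, f"role '{session.role}' approved for segment '{seg}'"

def denied_attempts(session, destinations):
    """Collect denied destinations so they can be reviewed as possible insider activity."""
    results = [(dst, decide(session, dst)) for dst in destinations]
    return [(dst, reason) for dst, (allowed, reason) in results if not allowed]

if __name__ == "__main__":
    alice = Session("alice", "engineer", authenticated=True, device_compliant=True)
    for dst in ("10.10.0.15", "10.20.0.8"):  # engineering host, finance host
        print(dst, decide(alice, dst))
```

The denied attempts are worth logging as well as blocking, because repeated denials from a trusted, compliant session are the signal that separates this scenario from ordinary use.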
