2.3. Where Have You Been?
When deployed, a NAC solution makes sure that a user device can meet a preset level of security standard. NAC can also assure that a device is free and clear of malware before allowing that device to access the company network; and some NAC solutions can even check whether the user's device maintains the corporate security standard, even after network connection. Your company can decide how you want to enforce access control. For example, if a NAC solution determines that a device has been infected with malware prior to connecting to the company network, the NAC solution can either
Deny the device network access.
Accept the device onto the network with a warning (or without a warning).
Place the device on a quarantine network.
A quarantine network is like purgatory for unclean devices. Just like its medical counterpart, a quarantine network segregates an infected, non-compliant, or potentially dangerous device with potential for contaminating others from the remainder of the healthy, normal network by putting it in an ancillary network — perhaps a virtual network — apart from the company's core network and resources.
While a device is in the quarantine network, a NAC solution can begin the procedure of cleaning or repairing the device itself or in conjunction with a third-party server, a process called remediation. A NAC solution can use several forms of remediation:
Automated: Little to no human interaction necessary; remediation of the infected device ...
Get Network Access Control For Dummies® now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
