Chapter 3. What Are You Trying to Protect?

One of the driving factors in my writing this book was to add clarity to this fundamental question: "What are you trying to protect by using NAC?" In speaking with many different companies, there was a great deal of confusion over exactly what is protected by the different NAC/NAP solutions. NAC/NAP protection basically falls into two different categories:

• A solution that is designed to protect the LAN

• A solution that is designed to protect a mobile device, as it is mobile

Any company that is interested in implementing NAC/NAP must first answer the question before it decides to implement a solution. Also, it must understand what types of devices are causing the threat. These devices can be the following:

• Enterprise-owned sedentary desktops that almost never disconnect from the LAN

• Enterprise-owned laptops that are sometimes on the LAN and sometimes mobile (that is, being used at airports, home, client sites, and so on)

• Enterprise-owned laptops that never come back to the corporate LAN

• Employee-owned home computers that are used by the employee for remote access to corporate resources

• Unknown devices from contractors, customers, business partners, and so on

• PDAs and other nontraditional computing devices

This chapter examines LAN-based and Mobile NAC, and describes in detail how each solution addresses the various types of devices. Keep in mind while reading this chapter that there are various functions that NAC solutions provide. They don't just assess and restrict; they can also remediate.