Introduction

Welcome to Network Access Control For Dummies. It's a scary networking world out there, and this book provides you with a working reference for understanding and deploying what type of network access control (NAC) is best suited for your network and you.

Because you're holding this book, you already know that security issues exist out there — and you've probably, maybe frantically, attempted to protect the network you're responsible for from the scenarios that get printed on the front page.

See whether you can identify with any of the follow scenarios:

• Authentication nightmare: You just put in a system to authenticate users who log on to your network, and everyone is hissing at you like snakes. They hate it. They hate you. They claim productivity is down, and the VPs are writing vicious e-mails to your boss.

• VPN for more than VPs: Everybody wants to work from home once or twice a week, and you have more and more remote employees working from their home offices around the world. Guess what? You're having a really hard time figuring out who's who and what they should have access to. Complaints about missing files and mission-critical info that's available to all have replaced your bagel with your morning coffee.

• Portable hi-jinks: You have absolutely no control over what devices people use to log on to your network, and after they log on, you have no control over what storage devices they can use as peripherals, or what they can take away. HR is investigating people who have left the company with complete DVDs full of trade secrets.

• Breaches: You've had breaches, but you can't tell how the attackers accessed the network. Malware may be the culprit, but how do you accuse a trusted user who has a company-issued device? And, at lunch, you hear other people talk about what they downloaded for their kids to play with on their laptops.

• Productivity slippage: Your management says that 50 percent of employees are spending 15 percent of their time doing personal shopping on the Internet, surfing, or even playing online games. Oddly enough, you're to blame, not them.

• Quarantine quagmire: You created a great way to monitor network devices and put those that don't comply into quarantine. You just don't have a great way to get them out. Some devices seemingly sit for weeks because their owners don't know how to update and you don't have the time to tweak every laptop in the world.

• Wireless is less: The employees love the open nature of WLAN access, and wireless access makes meetings more productive. But without the proper credentials, security, and controls in place, you're just a nose hair away from being snooped or having data stolen, even after a trusted user connects to the WLAN.

This book helps you with all these scenarios and a whole lot more. We purposely made this book a fast and easy way to understand, deploy, and use NAC, and we provide benchmarks for you to judge the merits and capabilities of the many NAC solutions that you can find for sale.

Here's the biggest tip in this book — plan! You can't plan enough when deploying a NAC solution for your network and organization. Take it from our combined 30 years of security work and access control. For every hour you spend planning and testing your NAC implementation, you can save days or weeks trying to fix what you hurriedly deployed. Plan it, then plant it.

About This Book

We fly around the world and say the same things about NAC that we say in this book. If you read it, we help you to

• Understand what NAC is and what it can do for you.

• Realize the breadth and scope of NAC, as well as how to plan and adapt all these facts into a custom solution.

• Home in on what makes the best NAC sense for your organization and how to extend it to fit every nook and cranny in your network(s).

• Leverage, repurpose, or reuse your organization's existing network infrastructure to deliver NAC.

• Save time, money, and labor in selecting and deploying a NAC solution fit for you.

Something You Should Know About This Book

All three authors are employees of Juniper Networks, which actively markets and sells its own NAC solutions (under the UAC acronym, for Unified Access Control). We try to keep the information in this book as straightforward and unbiased as mere people can, but we admit that sometimes we might go into detail about an issue or feature that we know intimately which some vendors of NAC solutions don't have or implement differently. We're not apologizing. Not one iota. It's just something you might want to know.

What You're Not to Read

We place text you don't need to read in self-contained sidebars or clearly mark them with a Technical Stuff icon. You can skip these items if you're in a hurry or don't want to lose your train of thought. You may decide to browse through the book some day during lunch and read up on all the technical details. They're good preparation for a cocktail party with networking engineers.

Foolish Assumptions

When we wrote this book, we made a few assumptions about you:

• We assume that you're a network professional, although you don't have to be one. Because our objective is to get you up and running, and you might be reading this book in order to understand what your engineers are telling you, we include only a few basics about how it actually implements NAC and try not to discuss the operations in detail.

• You may design or operate networks.

• You may be an IT manager, or a manager who supervises IT managers, or a manager who supervises managers who supervise IT managers.

• You may procure networks or otherwise work with people who plan and manage networks.

• You may be a student of NAC or even just entering the networking profession.

How This Book Is Organized

This book is divided into four parts.

Part I: Unlocking the Mysteries of NAC

Imagine Sherlock Holmes examining your network with a magnifying glass. That's NAC. Read this part, and you qualify to be Dr. Watson.

Part II: NAC in Your Network

This part gets personal and brings in all the variations that can enable a NAC solution to fit your network needs. A NAC solution can really do a lot for you, after you realize the scope of its capabilities.

Part III: NAC in the Real World

This part reveals what you really need to know about NAC architectures, standards, and extensions. It's like the form you have to fill out for eHarmony before you get to the dating process. Read carefully, or you may waste your time with several dates from hell.

Part IV: The Part of Tens

This part offers quick references to the top-ten most helpful stuff on the planet about NAC. You can find help on topics ranging from key definitions, to planning your implementation, to where to go for more info.

Icons Used in the Book

We use icons throughout this book to key you into timesaving tips, information you really need to know, and the occasional interesting backgrounder. Look for them throughout these pages.

This icon highlights helpful hints that save you time and make your life easier.

Be careful when you see this icon. It marks information that can keep you out of trouble.

Where to Go from Here

It's a big, bad networking world out there, and 99 percent of the people who use your network don't really understand the security concerns. If you do your job right, they don't have to worry about these concerns. That's the point of this book. Browse through the Table of Contents to find a starting point that sounds like you, and then just dip in. Test the NAC waters. You can skip around like a stone on water, or start with Page 1 and read to the end. Just remember that you can control who's on your network and what they have access to. This book is about how to do that.