8.1. Hey, It's Me

Three drivers make identity a must-have component of network access control (NAC):

  • Regulatory compliance: Regulations such as HIPAA, Sarbanes-Oxley, and PCI (Payment Card Industry)

  • Resource protection: Protecting your high-value network resources

  • Traffic auditing: Actually seeing what happens in the network traffic

Before you try to create a large, complex NAC deployment, start with identity at the center of your plans. Without a proper definition of user identity, you can't realize the full potential of a NAC-based infrastructure.


NOTE

Before creating a complex NAC deployment, check for internal identity stores that your NAC deployment can leverage, and make a list of those identity stores before you try to create policies. Typically, you have to use several identity stores across your network to define complete policies that cover all users on your network. Identity typically isn't in the realm of your network infrastructure IT groups, and you may have to pull in your authentication IT group(s) to have a successful network access control deployment.

Most networks are built to connect users to resources. In the modern NAC view, both devices and users have identities. These identities can be either

  • A user who has a user name and other information

  • A device that has a location, hardware ID, or other information

Both users and devices have an identity that Network Access Control can leverage to control access.

Think of identity not just as a person with a name, but as a label for a user or device. You can create labels for any groups of users to give them identities on the network:

  • Users

  • Printers

  • Fax machines

  • Security cameras

  • Barcode scanners
