
Network Access Control (NAC)
The safeguarding of networks and the data transported via those networks is now one of the most important items on the agenda of IT and corporate strategists. Especially in large, heterogeneous networks comprising a multiplicity of components of different ages from many different vendors, it is absolutely crucial to secure all the components and data in their entirety.
In 70 percent of cases, the greatest hazard to network security resides within the company itself
The threat scenarios are many and varied. These days, external threats such as worms and viruses can usually be repelled with firewalls and anti-virus software. The greatest dangers, however, lie within the company itself. Companies increasingly expect their employees to be mobile, and employees in turn depend on being able to connect to the corporate network from anywhere in the world. At the same time, companies increasingly have to open their IT systems to subcontractors, external service providers and guest users. According to a survey conducted by the Aberdeen Group (2007), this growing number of devices, device types, user groups and access requests is dissolving the network perimeter and thereby creating huge security gaps.
The biggest challenge is posed by complex, heterogeneous networks
Closing these security gaps is the task of network access control (NAC). Although the numerous and highly diverse providers on the market are trying to achieve a certain degree of interoperability between their systems, this promise has not yet been fulfilled in full. In large, heterogeneous networks with well over 300,000 ports, the disadvantage of such largely proprietary, vendor-centric approaches is that not all components and systems are supported, so only parts of the network can be secured. Since IT departments are constantly extending their corporate networks, the biggest challenge lies in securing large, heterogeneous networks. To achieve this, effective network access control (NAC) must be able to monitor, control and secure the network centrally, comprehensively and in a vendor-independent way.
The key tasks of network access control (NAC) are:
- unambiguous identification of and role allocation for users and devices,
- management and preparation of individual guidelines and roles for various user groups,
- monitoring compliance with the prepared security guidelines (policy),
- quarantine and automatic restoration (remediation) of non-compliant devices.
The successful implementation of network access control (NAC) is divided into the following steps:
Recognition, localization, authentication
- Automatic recognition and pinpoint localization of network components in real time, independent of the point of access and including wireless networks (WLAN)
- Unambiguous authentication of users and devices to guarantee their identity, in accordance with the IEEE 802.1X standard
Assessment
- Checking hardware and software for weaknesses, recognizing security gaps and verifying compliance with the set corporate guidelines (policy)
- The assessment is best integrated into the login process and performed in real time
Authorization
- Access control for users and devices with respect to the predefined areas (guest, quarantine or productive area), based on the preceding checks
- Automatic alarm procedure in the event of unauthorized network access or faulty behaviour by an endpoint device
- Reaction in real time: immediate automatic disconnection from the network and isolation in a guest network are possible
Remediation
- Restoration of compliance with the corporate guidelines (policy)
- Provision of an infrastructure for supplying the systems under quarantine with software updates, current virus signatures, patches, etc.
Monitoring
- Permanent monitoring of all devices for compliance with the policy after they have been admitted to the productive area
- Appropriate real-time reaction to any system alteration and/or infringement of the policy
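The five steps above form one decision loop: authenticate, assess, place the endpoint in an area, remediate while it is quarantined, and keep re-evaluating it afterwards. The following Python sketch is an added example of that loop with constructed endpoints and assumed policy thresholds; it is not AUCONET's product logic and does not implement 802.1X itself, it only consumes the result of that authentication step.

```python
"""Constructed NAC decision loop (example only, not AUCONET code)."""
from dataclasses import dataclass

PRODUCTIVE, GUEST, QUARANTINE = "productive", "guest", "quarantine"
ACCEPTED_AUTH = {"802.1X", "MAC", "PWA"}          # methods named on the page
POLICY = {"max_signature_age_days": 7, "max_missing_patches": 0}  # assumed thresholds

@dataclass
class Endpoint:
    mac: str
    auth_method: str      # "802.1X", "MAC", "PWA" or "none"
    auth_ok: bool         # outcome of the authentication step
    signature_age_days: int
    missing_patches: int

def assess(ep, policy=POLICY):
    """Assessment: list of policy findings; an empty list means compliant."""
    findings = []
    if ep.signature_age_days > policy["max_signature_age_days"]:
        findings.append("stale-virus-signatures")
    if ep.missing_patches > policy["max_missing_patches"]:
        findings.append("missing-patches")
    return findings

def authorize(ep, policy=POLICY):
    """Authorization: choose the network area and the alarm to raise, if any."""
    if ep.auth_method not in ACCEPTED_AUTH or not ep.auth_ok:
        return GUEST, "alarm: unauthenticated access attempt from %s" % ep.mac
    findings = assess(ep, policy)
    if findings:
        return QUARANTINE, "alarm: non-compliant endpoint %s (%s)" % (ep.mac, ", ".join(findings))
    return PRODUCTIVE, None

def remediate(ep):
    """Remediation: the quarantine network supplies signatures and patches, then re-checks."""
    ep.signature_age_days = 0
    ep.missing_patches = 0
    return authorize(ep)

def monitor(ep, current_area, policy=POLICY):
    """Monitoring: re-evaluate an admitted endpoint after any state change."""
    area, alarm = authorize(ep, policy)
    if current_area == PRODUCTIVE and area != PRODUCTIVE:
        return area, "disconnected from productive area: " + alarm
    return area, alarm

if __name__ == "__main__":
    laptop = Endpoint("00:11:22:33:44:55", "802.1X", True, 12, 0)  # constructed sample
    area, alarm = authorize(laptop)      # quarantine: signatures too old
    area, alarm = remediate(laptop)      # productive after the update
    laptop.missing_patches = 2           # state change after admission
    print(monitor(laptop, area))         # moved back to quarantine, with a notice
```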
If network access control (NAC) is to meet the growing demands on network security in a comprehensive and future-proof manner, the following factors should be borne in mind:
- Vendor-independent network access control (NAC) solution for the securing of large heterogeneous networks
- Integration of the standard IEEE 802.1X
- Real-time analysis of the data flows in the entire network
- Visual depiction of the network structure in its entirety (topologically, geographically and organizationally)
- Greatest possible degree of automation
- No limitation of resources
- Securing of growth-oriented networks of any size and heterogeneity level
- Intuitive user interface for centralized monitoring
- Quick implementation
- Integration of existing security software
Not all suppliers safeguard complex, heterogeneous networks in their entirety
Few solutions currently offer comprehensive, vendor-independent securing of large heterogeneous networks. They either secure only vendor-specific sub-areas of the network, do not integrate the modern IEEE 802.1X standard, do not offer automated, pinpoint recognition of security gaps, or cannot react appropriately in real time to the security gaps that are found. Further problems are caused by the sometimes long and cost-intensive implementation phases of up to three years, at the end of which the originally ordered project scope has usually not been delivered in full.
First vendor-independent network access control (NAC) solution
AUCONET is the first provider to offer vendor-independent, comprehensive control for securing networks of any size and at any level of heterogeneity. Following a speedy implementation phase – up to 400,000 ports in just a few weeks – you have a centralized, intuitively operated network access control (NAC) system at your disposal. AUCONET offers automated, complete virtualization of your entire IT environment down to port level and tells you exactly which device is where and in what physical condition, without any costly manual recording:
- Vendor-independent
- Supports IEEE 802.1X, MAC and PWA authentication
- Automated recognition and pinpoint localization
- Visual depiction of your network structure in real time: topologically, geographically and organizationally
- Verification and administration of free ports
Find out more about the uniquely effective next-generation network management.

