Chapter 15. Authorization and Access Control

In This Chapter

  • Considering technology that can reduce and manage data access

  • Tracing the phases of automatic Network Access Control

After you've defined security policies for your network, you need tools to put them into practice. Network Access Control (NAC) is a system that enforces security policies throughout the entire network — on managed and unmanaged endpoints (the stuff you own and control as well as the stuff you don't). NAC protects networks from insecure endpoints by continuously enforcing compliance with security policies at the point of network connection. The idea is simple: If you can control the devices that attach to your network and limit the functionality of those you don't trust, then your network is safer.

The world has changed since the days of limited network usage; now you have all sorts of people connecting to your network:

  • Employees (okay, no change there)

  • Contractors

  • Visitors — including customers, competitors, and (yes) would-be hackers

  • Suppliers and partners

If so many people want (or need) to attach to the network, then you need a way to control that access. Otherwise, a data leak, loss, or breach is bound to occur.

Network Access Control protects access to a range of network types — VPN, wireless, wired-switch, DHCP, and home — by desktops, laptops, servers, guest systems, and embedded devices. By automatically quarantining, correcting (and applying access controls to) noncompliant systems, the software prevents the propagation ...
