3.1. LAN-Based NAC
When people think about Cisco NAC, Microsoft NAP, and so on, they are thinking about LAN-based NAC. The purpose of this type of NAC is relatively straightforward: protect the LAN from "bad" devices. This is quite simply done by accessing them in some way, then taking some action when they attempt to gain access to a network. Here's how this relates to the various types of devices that could potentially be a threat.
3.1.1. Sedentary Desktop
In the past, when walking through the cubical farms of corporations you would see primarily these types of devices. The CPU would be under the work area and a big honkin' monitor would be on top of the work area. This is still the case at some companies, although laptop sales have surpassed desktop sales, as more and more organizations are simply giving their employees laptop computers. That notwithstanding, desktop computers certainly do exist.
The thing about desktop computers is that, generally speaking, they don't move a whole lot. Does this mean they don't cause a threat and shouldn't be considered when looking at NAC solutions? No, I wouldn't say so. You'll see throughout this book and in your own research that the biggest threats do come from the laptops, but they aren't the only threat.
Can a sedentary desktop actually cause problems to LAN? Absolutely, as you'll see in Chapter 4. Desktops can become infected and have their security posture become noncompliant just as any other device can. The main reasons for this ...
Get Implementing NAP and NAC Security Technologies: The Complete Guide to Network Access Control now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.