1.3. Understanding Clientless and Client-Based NAC
While NAC solutions may be different, they do basically fall into two categories:
Clientless — No software is installed on the device to assist with the NAC process.
Client-based — A software component is preinstalled on the device to assist in the NAC process.
There are a number of factors that determine which type of solution makes the most sense for a particular organization. As you'll see, client-based NAC provides the most detail about a device, although installing software on every machine trying to gain access to a network may not always be possible.
1.3.1. Clientless NAC
A good example I've seen of clientless NAC came from my dealing with a university. They were a fairly good-sized university that was known around the country as being extremely strong academically. It had a network throughout its campus that both students and faculty would access. This network provided access to campus resources, as well as access to the Internet. Because of the mix of users and the fact that campus resources and the Internet were both accessed, the university felt the need to perform a level of analysis on devices trying to gain access to the network.
The major issues the university ran into with trying to put together this type of solution was the sheer number and diversity of devices that needed access and the fact that it couldn't possibly support putting software onto all of them. It wasn't just a question of physically getting the ...
Get Implementing NAP and NAC Security Technologies: The Complete Guide to Network Access Control now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.