4.1. Creating Policy
One of the most important pieces of any network access control infrastructure is the policy engine. The policy engine is central to a NAC deployment because it controls the entire deployment: it creates user access rules and controls the enforcement points in the network infrastructure.
NAC central policy engines go by many different names:
Policy decision point
The policy engine is responsible for determining whether a device or a particular user should have access to the network. The policy engine also controls all the enforcement points on the network, whether the policy engine is a network appliance or a software agent running on a desktop machine or network server.
One of the primary roles of a policy engine is to make network access decisions based on access control policies determined by the NAC administrator. The core of the NAC policy typically includes three pieces of information:
Network information: Source, destination, port, and protocol
Traditionally, a firewall policy examined the network information. The policy engine incorporates that function.
Endpoint integrity: Identifying hardware, applications, and the security posture of the endpoint
User identity: Identifying the user and the user's groups.
With NAC, the policy combines network, user, and device information, and the policy engine applies it through its primary job functions.
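The three policy inputs listed above, combined in a single access decision. This is an added example, not code from the book or from any NAC product; the rule, addresses, group names and posture facts are constructed, and first-match evaluation with a default deny is an assumption.

```python
# Added example: a toy policy decision point. All names and values are hypothetical.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Request:
    src: str
    dst: str
    port: int
    protocol: str
    groups: frozenset   # user identity: groups of the authenticated user
    posture: frozenset  # endpoint integrity: posture facts reported for the device

@dataclass(frozen=True)
class Rule:
    name: str
    src_net: str
    dst_net: str
    port: int
    protocol: str
    group: str                   # group the user must belong to
    required_posture: frozenset  # posture facts the endpoint must report

def decide(req, rules):
    """Return (decision, reason). First matching rule wins; no match means deny."""
    for rule in rules:
        network_ok = (ip_address(req.src) in ip_network(rule.src_net)
                      and ip_address(req.dst) in ip_network(rule.dst_net)
                      and (req.port, req.protocol) == (rule.port, rule.protocol))
        if not (network_ok and rule.group in req.groups):
            continue
        missing = rule.required_posture - req.posture
        if missing:
            return ("deny", "posture missing: " + ", ".join(sorted(missing)))
        return ("permit", rule.name)
    return ("deny", "no matching rule")

# Constructed sample policy and requests.
RULES = [Rule("finance-db", "10.1.0.0/16", "10.20.0.0/24", 1433, "tcp",
              "finance", frozenset({"av_running", "os_patched"}))]
HEALTHY = frozenset({"av_running", "os_patched"})

def sample_decisions():
    base = dict(src="10.1.4.7", dst="10.20.0.5", port=1433, protocol="tcp")
    cases = [("finance", HEALTHY), ("finance", {"av_running"}), ("engineering", HEALTHY)]
    return [decide(Request(**base, groups=frozenset({g}), posture=frozenset(p)), RULES)
            for g, p in cases]

if __name__ == "__main__":
    print(*sample_decisions(), sep="\n")
```

The second and third requests carry the same network tuple as the first, so a firewall-style check on network information alone would treat all three identically; only the posture and identity inputs separate them.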
802.1X control
The policy ...