Network security includes ensuring the confidentiality, integrity and availability of an enclave. This is accomplished using devices such as routers, firewalls, and intrusion detection/prevention devices to allow only approved protocols or services. Allowing only authorized services to pass is one form of network access control.
Network Access Control (NAC) systems enforce network security policy at the network access point rather than in the client (endpoint) operating system. Depending on the system architecture and configuration, NAC systems can provide physical port security or logical port/access security. NAC systems require authentication of both the endpoint and the user before the network access point forwards traffic for that client. NAC systems also require authorization of the client operating system's security posture before the client is allowed access to resources on the network.
Endpoints or users that fail authentication are blocked from any network access, either physically, by shutting down the port, or logically, by blocking the MAC or IP address, depending on the deployment scenario. Client devices or users that fail security policy authorization are "quarantined" in a highly restricted network area, implemented logically with restricted VLANs or ACLs, and are granted just enough access to remediate the client. Once the NAC system has successfully authenticated and authorized a client device and user, it is responsible for granting the user complete or partial access to the network according to the privileges assigned to the endpoint or user.
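The admission flow just described (authenticate endpoint and user, authorize posture, then block, quarantine or permit), as an added example that is not part of the original page or any vendor's NAC product; the posture checks, policy thresholds, VLAN numbers and ACL strings are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List

@dataclass
class Endpoint:
    mac: str
    device_authenticated: bool   # e.g. 802.1X machine credential accepted
    user_authenticated: bool     # e.g. user credential accepted
    av_signature_age_days: int   # posture attributes reported by the agent
    disk_encrypted: bool
    os_patch_level: int
    role: str = "user"           # privilege assigned to the user/endpoint

@dataclass
class Decision:
    action: str                  # "block", "quarantine" or "permit"
    vlan: int                    # 0 means the port is shut / MAC is blocked
    acl: List[str] = field(default_factory=list)
    remediation: List[str] = field(default_factory=list)

# Assumed policy values and VLAN assignments (constructed for this example).
POLICY = {"max_av_age_days": 7, "min_patch_level": 42}
VLANS = {"quarantine": 999, "user": 10, "admin": 20}

def posture_failures(ep: Endpoint) -> List[str]:
    """Authorization step: compare the client's security posture to policy
    and return the remediation actions still required (empty if compliant)."""
    failures = []
    if ep.av_signature_age_days > POLICY["max_av_age_days"]:
        failures.append("update antivirus signatures")
    if not ep.disk_encrypted:
        failures.append("enable disk encryption")
    if ep.os_patch_level < POLICY["min_patch_level"]:
        failures.append("install OS patches")
    return failures

def admit(ep: Endpoint) -> Decision:
    # 1. Both endpoint and user must authenticate; otherwise no access at all.
    if not (ep.device_authenticated and ep.user_authenticated):
        return Decision("block", vlan=0, acl=[f"deny any from {ep.mac}"])
    # 2. Posture authorization; a failure lands in the restricted remediation VLAN.
    failures = posture_failures(ep)
    if failures:
        return Decision("quarantine", VLANS["quarantine"],
                        acl=["permit tcp any host remediation-server eq 443",
                             "deny ip any any"],
                        remediation=failures)
    # 3. Compliant client: full or partial access according to its privilege.
    vlan = VLANS.get(ep.role, VLANS["user"])
    acl = ["permit ip any any"] if ep.role == "admin" else ["deny ip any admin-segment", "permit ip any any"]
    return Decision("permit", vlan, acl=acl)
```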