Overview
Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.
Read the articleAUTHOR
-
Cécilien CHARLOT: Cybersecurity consultant function - Affiliation CGI Business Consulting
INTRODUCTION
Local area networks –, whether wired or wireless, are based on – protocols, notably Ethernet –, which have been designed without natively offering control functionality over the peripherals connecting to the network. These are networks built on a logic of trust. In a context of growing security needs, complex interconnections between different types of networks – including critical networks such as industrial networks – and the multiplication of devices able to connect to the network – connected objects participating in the Internet Of Things, for example, this logic is becoming less and less viable, generating significant risks that need to be addressed. Network Access Control solutions have been developed to address these risks, using a range of standardized and non-standardized approaches and protocols to meet different control objectives.
This article is agnostic with regard to market solutions, and offers a general overview of the problem and the risks involved, as well as details of the technical operation of the solutions that address it. In particular :
it explains the history of the "open local area network" issue and the various risks involved;
it specifies the control objectives of authentication, conformity control, traceability and visibility;
it provides an overview of the different approaches available to achieve each of the control objectives;
it details the operating mode and limitations of the 802.1x standard, which provides a standardized and effective solution for access control, but whose implementation requires significant prerequisites in terms of control over the peripherals connecting to the network;
Finally, it offers a comparative analysis of the four typical architectures deployed by solutions on the market, comparing criteria of efficiency and coverage in relation to the various control objectives, as well as ease of deployment and the prerequisites required to deploy each type of architecture.
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
NAC network access control solutions
Standards and norms
- Information Technology – Open Systems Interconnection (OSI) – Basic reference model: the basic model - ISO/IEC 7498-1 - 1994
- IEEE Standard for Local and metropolitan area networks - Port-Based Network Access Control - 802.1x-2004 - 2004
- Extensible Authentication Protocol (EAP) - RFC 3748 - 2004
- RADIUS (Remote Authentication Dial In User Service)(anciennement RFC 2138) - RFC 2865 - 2000
- DHCP...
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference