NAC access control solutions

Local area networks –, whether wired or wireless, are based on – protocols, notably Ethernet –, which have been designed without natively offering control functionality over the peripherals connecting to the network. These are networks built on a logic of trust. In a context of growing security needs, complex interconnections between different types of networks – including critical networks such as industrial networks – and the multiplication of devices able to connect to the network – connected objects participating in the Internet Of Things, for example, this logic is becoming less and less viable, generating significant risks that need to be addressed. Network Access Control solutions have been developed to address these risks, using a range of standardized and non-standardized approaches and protocols to meet different control objectives.

This article is agnostic with regard to market solutions, and offers a general overview of the problem and the risks involved, as well as details of the technical operation of the solutions that address it. In particular :

• it explains the history of the "open local area network" issue and the various risks involved;

• it specifies the control objectives of authentication, conformity control, traceability and visibility;

• it provides an overview of the different approaches available to achieve each of the control objectives;

• it details the operating mode and limitations of the 802.1x standard, which provides a standardized and effective solution for access control, but whose implementation requires significant prerequisites in terms of control over the peripherals connecting to the network;

• Finally, it offers a comparative analysis of the four typical architectures deployed by solutions on the market, comparing criteria of efficiency and coverage in relation to the various control objectives, as well as ease of deployment and the prerequisites required to deploy each type of architecture.