Network access control is at the top of companies' agenda

Dortmund, August 11, 2008 – According to a survey by COMCO AG, in two years half of all companies want to have network access control (NAC) solutions in use to protect their networks. 48 percent rate the need for access controls for their networks as "very high", a further 30 percent as "high". Friedhelm Zawatzky-Stromberg, member of the management board of the Dortmund-based security specialist, names from a practical perspective the main principles for the technical orientation of NAC concepts:

1. Obligation for central monitoring: protective measures only make sense when they are central, so the security concept and the NAC solution must be aligned to monitoring the entire infrastructure. It is advantageous if this is done by a single component for the complete network. It must receive all security-relevant events and respond to them adequately according to defined rules.

2. Hardware verification instead of user authentication: compared with authenticating users, a strategy of hardware monitoring has the advantage that the central login server is no longer needed: if a device is not known in the address database, the system sends an alarm and isolates the unknown device from the network by disconnecting its port.

3. Continuous verification: the solution must be designed so that the check is carried out not only at the first connection to the network but with each polling cycle. Manipulation in the network, which remains possible with IEEE 802.1X-based solutions despite a successful authentication, can be recognized in this way.

4. Avoid manufacturer dependency: one of the essential drawbacks of IEEE 802.1X-based access control solutions is that the technical specifications of this standard must be taken into account with this orientation. This makes changes and extensions of networks more difficult and inevitably results in higher costs.

5. Avoid interventions in the technical infrastructure: many of the authentication techniques in use require the devices to be configured for operation, either in the operating system or with special software.
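
The check described in principles 2 and 3, as an added example that is not code from COMCO or any NAC product: every polling cycle compares the devices seen on each switch port with the address database, raises an alarm for unknown hardware and isolates the port. It assumes MAC addresses as the hardware identifier; the class NacMonitor, the port names, the addresses and the snapshots are constructed, and the port disconnection is a stub.

```python
from dataclasses import dataclass, field

# Constructed address database: MAC addresses of registered hardware.
KNOWN_DEVICES = {"00:11:22:33:44:55", "00:11:22:33:44:66"}

@dataclass
class NacMonitor:  # hypothetical name, for illustration only
    known: set
    isolated_ports: set = field(default_factory=set)
    alarms: list = field(default_factory=list)

    def poll(self, cycle, port_table):
        """Check one polling cycle's snapshot: {port: [MACs seen on it]}."""
        for port, macs in sorted(port_table.items()):
            if port in self.isolated_ports:
                continue  # already disconnected, nothing left to check
            unknown = sorted(m.lower() for m in macs
                             if m.lower() not in self.known)
            if unknown:
                self.alarms.append((cycle, port, unknown))  # send the alarm
                self.isolate(port)
        return self.alarms

    def isolate(self, port):
        # Stub for the port disconnection; a real deployment would call the
        # switch management interface here.
        self.isolated_ports.add(port)

# Constructed snapshots of the switch port tables over three polling cycles.
SNAPSHOTS = [
    # Cycle 1: only registered hardware, as at the first connection.
    {"Gi0/1": ["00:11:22:33:44:55"], "Gi0/2": ["00:11:22:33:44:66"]},
    # Cycle 2: the registered device on Gi0/2 was replaced by unknown hardware.
    {"Gi0/1": ["00:11:22:33:44:55"], "Gi0/2": ["DE:AD:BE:EF:00:01"]},
    # Cycle 3: an unknown device appears next to a known one on Gi0/1.
    {"Gi0/1": ["00:11:22:33:44:55", "de:ad:be:ef:00:02"]},
]

def run(snapshots=SNAPSHOTS):
    monitor = NacMonitor(known=set(KNOWN_DEVICES))
    for cycle, table in enumerate(snapshots, start=1):
        monitor.poll(cycle, table)
    return monitor

if __name__ == "__main__":
    for cycle, port, macs in run().alarms:
        print(f"cycle {cycle}: ALARM port {port} unknown {macs} -> isolated")
```

A check performed only at the first connection would have accepted both ports in cycle 1 and missed the changes in cycles 2 and 3.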