Evaluation of Network Access Control - Report Example

Network Ассеss Соntrоl Соmраrisоn/Еvаluаtiоn Student’s Name Institution Introduction Network access controls (NAC) can also be referred to as network control admission. They are security bolstering methods of a selected network where network resources are restricted to end-point procedures which are aimed at complying with a certain security policy. In addition, NAC restricts every particular data that a user has access to and the implementation of the anti -threat application, such as, spy ware and firewalls (Plunkett, 2008). Many networking and IT companies have established NAC products. Some of these examples includes -Aruba NAC (clear pass), -Juniper NAC, -Forescout NAC, and -Cisco NAC. Therefore, this paper aims at giving detailed information on the comparison of these NAC’s in terms of their functionality and security aspects. Aruba’s NAC This network access control is a standard solution aimed at providing a strong security, as well as, a mobile context to any given policy infrastructure (Plunkett, 2008). It is able to determine the user information through a series of questions, such as, the user identity, which is, based on knowing who is the user, role he or she has in the organization and the rights he or she possesses. The other question is on compliance which focuses on the antivirus type, user access point applications attempted in the access and the user traffic sign of viruses. Finally, it is on the enforcement, that is, how the policies are enforced in the context of helping the user (Kelley, Campagna, & Wessels, 2009). It is clear that comprehensive NAC components are offered and they provide a standard interface that Aruba has in order to interoperate with third party NAC solutions. Another issue to note with Aruba is that the use of its extended services interface solutions can easily correlate traffic inspection results by inline security procedures. Functionality efficiency Aruba network access contains a mobility secure solution controller which is aimed at providing management and a stateful firewall based policy. This controller architecture provides an integrated ICSA stateful firewall that is unique from other networks. The controller is also responsible for controlling the performance requirements of a high speed 802.11n which has a 32 core network processors that are multi threaded. These controllers improve the functionality of Aruba because they can also be configured in such a way that they support mobility and security of national deployments within the network. Cisco network access control This is usually an access control solution that has a distinguished basement from Cisco and brings in together a number of solutions (Kelley, Campagna, & Wessels, 2009). It is an effective closed network solution, and it is able to introduce interoperability aspects with third party networking equipments and software’s. In this kind of NAC, defining its threat containment can be foreseen by having a close access security measure issues on the endpoint devices through enforcement of security policies. Virus and malware are easily mitigated by Cisco NAC once they pose any insecurity aspects. The user of this network is able to enjoy interfaces that have fewer infections compared to other NAC (Elliott, 2007). The users does not keep on calling out for help from the help desk, and an increased resilient network. Research has shown that University such as Virginia Commonwealth University has managed to reduce the rate of infections in the student’s network by 90%. Operational Efficiency Cisco NAC can be of great importance to many organizations because it helps in upgrading the operational efficiencies. That is, it is able to provide a guest access service that is secure, and as a result, the IT sections work becomes easy. The Cisco profiler is able to automate the labor intensive process where it identifies and tracks the non pc procedures within the network. Therefore, it is able to save major IT resources. In addition, once the configuration standards are applied all across the assets of the enterprise, the overall organization operations improve significantly. This kind of standardization results from an effective asset management and controls. Reduced overall cost, infrastructure cost of ownership, and reduced operational expenses are also as a result of an effective operation of Cisco NAC (Lammle, 2005). According to the above analysis, it is clear that Cisco NAC users are able to protect their private information, infrastructure, and assets in a proactive way (Wu, & Pan, 2008). It is also able to deliver a great deal of security benefits enabling the customer network resiliency to increase, and eventually improving their business results. Juniper NAC Jupiter control access is based on the trusted computing group. It aims at coming up with standard base of API’s for the components of most of NAC follows the TCG model, but, for the case of Jupiter an active role is adopted where it has decided to promote and adopt it. Jupiter also contains the posture assessment, where measurement integrity verifiers are used. These verifiers help in determining how policy enforcement is to be carried out. Jupiter UAC has a radius proxy, server, and an endpoint security checker. It also has an access control manager which helps in its operations flexibility (Knipp, & Danielyan, 2002). One notable feature of AUC is that it is able to mix a match of tree operations models although this may result into a complex un-manageable configuration. The authentication process can easily be mixed with the security endpoint checks through the use of Mac and windows. As a result, the installed clients and the web based have enough support for end point security checks. Jupiter UAC has a capability of pushing the host based access controls to some networks that have devices that uses the UAC client. Jupiter functionality efficiency Jupiter functionality is advanced by the fact that the end point security check does not get terminated at the moment of the authentication. The continuous end point and the external checking intrusion are able to detect and have system prevention features that support either TCG or IDS (Pike, 2002). It is also notable that among the four networks analyzed in this paper, Jupiter UAC integrates the NAC products with an SSL VPN line of products. This takes place despite the fact that the mechanism is very complex. Forescout NAC This network is an automated security wise and has a control, platform that enables it to measure compliance with the security policies and remedies of endpoint deficiencies. (Fratto, 2002). It operates in real time, does not contain blind spots, and it does not require endpoint cooperation. In terms of security, Forescout is able to rule out guest and unknown computers within a set network. It runs some network success policies that are desired by the network owners. This move can be achieved through the application of features, such as, integrated appliance. Another thing to note with this network is that everything is within a single appliance, which has nor software to install neither to configure (McQuerry, 2000). There is also an existing infrastructure, which includes, switches, endpoint securities system, and as well as, the reporting systems. The other security features include the built in radius, and an automated exception handling. This helps in maintaining a continued monitoring of the network endpoints, and as a result, eliminating the security risk behaviors. Forescout functionality efficiency This network control access contains a control fabric which is an open technology that helps in exchange of information within the network. The fabric enables in solving of an extensive variety of network operation and security issues within the network. Some of its functionality features include the following: it’s a policy manager, that is, it is possible for an enterprise to come up with security procedures that makes it easy to control security configuration issues (McQuerry, 2000). Visibility is another crucial feature, non- compliant computers are easily detected, their owners, and the way they are not compliant to the laid down procedures among other important aspects. Forescout functionality is backed up by features of endpoint remediation .This counter act is able to direct the server containing the anti-virus to auto-update the host that is not complying to the set procedures or disable it from the network (Fratto, 2002). Apart from these functionality features, the operation cost of Forescout is low compared to other NAC’s. It is clear that there is no need of installing software’s and configurations within this network making it much more affordable. Conclusion The above analysis clearly shows that each of the four NAC’s have different security measures that is aimed at increasing their efficiency. Some of these features are integrated in order to minimize the overall operation cost. One common factor with all the four NAC’s is that they are all determined at minimizing the cases of malware and viruses which poses a great threat to the networks. References Elliott, K. (January 01, 2007). Securing the network. Network access control solutions can be an important tool in the fight against intrusion. Healthcare Informatics : the Business Magazine for Information and Communication Systems, 24, 3.) Fratto, M. (January 01, 2002). FORESCOUT ACTIVESCOUT FINDS AND NEUTRALIZES IP ATTACKS. Network Computing, 13, 22-25. Knipp, E., & Danielyan, E. (2002). Managing Cisco network security. Rockland, MA: Syngress. Kelley, J., Campagna, R., & Wessels, D. (2009). Network access control for dummies. Hoboken, N.J: Wiley. Lammle, T. (2005). CCNA Cisco certified network associate study guide. San Francisco, Calif: SYBEX. McQuerry, S. (2000). Interconnecting Cisco network devices. Indianapolis, IN, USA: Cisco Press. Plunkett, J. W. (2008). Plunkett's advertising and branding industry almanac 2008: The only comprehensive guide to advertising companies and trends. Houston, Tex: Plunkett Research. Pike, J. (2002). Cisco network security. Upper Saddle River, NJ: Prentice Hall. Wu, H., & Pan, Y. (2008). Medium access control in wireless networks. New York: Nova Science Publishers. Rollouts - Network General Network Intelligence Suite 4.2; ForeScout CounterAct 6.0; eTelemetry Metron. (January 01, 2006). Network Computing, 17, 20, 28. Read More