In the recent old ages, use of nomadic users and the type of nomadic devices are increasing quickly. The Access for informations can be requested from anyone and from anyplace. The entree should be provided besides the informations should be protected. As the different ways of accessing the information additions ( through Mobile device ) the hazard in protecting the information besides increases. All these entrees to the informations produce many mal maps and viruses to the storage.

The NAC ensures that, when a computing machine is seeking to link to our protected web, it will non be permitted to entree any informations until and unless it satisfies with the set of pre defined policies. The policy includes the protection of anti-virus, OS update degrees. Merely when the policy is met the computing machine is allowed to entree the information and the cyberspace. Besides while the computing machine is checked for the set of policies, it will merely let accessing the resources that can be resolved or updated if there is any issue.

The Purpose Of The Nac Device... TOPICS SPECIFICALLY FOR YOU

Company ‘s background:

It is a medium sized company which provides services and solutions for IT. The organisation ‘s substructure is likely to be distributed geographically, in which more than 5000 employees are working.

There are few undertakings in the company were the squad members will be working from different sites ( that are geographically separated ) . In those instances, the undertaking inside informations ( all the information about the undertaking ) and its several client inside informations will be placed in the SAN accessing storage web. The undertaking members who are geographically distributed, will entree this SAN storage web for their undertaking inside informations.

Critical asserts of the company:

The critical asserts of the company is the SAN storage which has many critical information sing the company such as

Undertaking inside informations

Customer inside informations

The company can non afford to lose the information on the SAN storage ; besides the information should be secured. If any hacker got to cognize about the information on the database so the company will be losing many undertakings and that will be great loss for the company. So the SAN is the critical assert and that should be secured and besides entree should be provided for the employees.

Critical substructure of the company:

The Storage country consists of some Tera bytes of storage infinite. If any malware that makes the hardware mal map can non be low-cost. The company has invested to a great extent on the storage infinite, besides the Routers and the Switches that connects the different subdivision offices plays a critical function. All those Routers and the Switches should be taken attention.

Issues with the current SAN architecture:

The current architecture of the company does n’t hold proper device or package to supervise the users who are logging in and the device that will protect the database.

Some of the issues addressed by the Network decision maker:

Because of the undermentioned issues the undertaking inside informations that is stored in the SAN is acquiring affected.

The cardinal issue that can assail the database are the viruses ; the architecture does n’t hold any monitoring tool to supervise the virus malware tool of the employees who are linking to the database.

The database should be maintained even after the employees log out of the database.

Affected employees are non indicated to the net admin and besides to the employees ; hence they are acquiring affected by their undertaking work.

Recommended solution:

Keeping all the issues in head, the NAC ( Network Access Control ) will be the more appropriate solution. Chiefly the NAC ensures that the devices come ining the protected web will non present viruses and any other malware that harms the information. Besides the NAC continuously monitors the devices activity until it leaves the web. It besides ensures the protection even after the device leaves the web. Besides the NAC provides solution bellow the Data nexus bed, in which most of the networking devices work.

Functionality of the NAC:









Detection: It detects and identifies the new devices that are linking to the web.

Authenticate: It authenticate the users and the devices linking the web.

Buttocks: The terminal system will be accessed for their exposures

Authorize: The devices and the users will be authorized utilizing the consequences of appraisal and the hallmark.

Proctor: the devices and the users will be monitored once they are connected to the web.

Contain: the affected devices and the users will be quarantine to forestall the full web.

Remediate: it will work out the jobs and supply entree to the web.

Goal of the NAC:

The basic concern benefits of implementing NAC is as follows

The NAC will supply the below given inside informations:

WHO – who are all allowed to link to the protected web ( Roles )

HOW – how are they allowed to link to the web ( Rights )

WHAT – what are they allowed to link ( Resources )

WHERE – where should they acquire entree? ( Location )

All the above said concern issues are really critical information used to keep the companies critical asserts.

Execution of NAC:

The execution consists of four stairss, they are explained below.

Pre – Admission in Network Access Control:

The Pre admittance procedure is to place the devices that try to login to the protected web for the first clip itself. It will roll up the undermentioned information before acknowledging it to entree the web.

Whether it is a known user or the user seeking to entree for the first clip.

Connecting through wired or wireless connexion.

IP and MAC reference of both the end points.

User ‘s OS inside informations like name of the OS, the security spot inside informations.

Antivirus signature files.

By utilizing some predefined parametric quantities the NAC will do a determination to let or deny entree to the peculiar user. Devicess that fail to the basic degree of mandate will be flagged for the hereafter intent and NAC allows the web decision makers to put the degree of entree to the devices that are logged in to the protected web.

Post – Admission in Network Access Control:

The station admittance of the NAC is really of import to maintain the web protected by assorted menaces. This faculty of the NAC take attentions of the devices that log out of the web after logging in and processing are decently controlled. This mainly trades with the policy and menace monitoring.

The policy is the set of regulations given by the web decision maker, like the sort of procedures that are allowed in the organisation. Policies such as:

Instantaneous messaging

File transportation

It besides proctors and mitigates, port scanning

Mass Mailer

Zero twenty-four hours menaces.

This type of procedures ensures that the protected web can suit new users and distant users with accomplishing high degree of security.


The NAC solution is capable of insulating the device that fails in the policy and menace monitoring. The NAC solution can make the isolation without impacting other clean devices. For making this procedure it does n’t necessitate ant particular hardware or agents. When a device is in quarantine province, it will be notified to the terminal user and the web decision maker about the province and why it has been in that province. Once any device is identified and kept under quarantine province, it will be sent to remediation procedure.


The appropriate redress procedure for the quarantine will be done by the NAC, some of them are:

Patch direction

Anti-virus update

Anti-spyware update

Malware remotion tools

Internet merely entree

Other services defined by the web decision maker.

The web decision maker have the authorization to manually add or take devices from or to, to the quarantine province. The stairss in the redress province will convey the devices back to the normal province and so it will be given entree to the protected web.


The NAC solution is centrally monitored and it provides an interface of the disposal, device package updates, menace auditing and care. This interface will supply a limited configurable entree to the web decision maker. It will use the permissions for groups instead than separate users. It will be directing the syslog informations to the connected syslog waiters and give support for the SNMP disposal. The system should be holding storage for hive awaying 30 yearss of informations.

NAC Architecture:

There are three types of NAC architecture as follows:

Software based NAC

Infrastructure based NAC

Appliance-based NAC

All the three has its ain importance to talk about it, one of it can be selected based on the demand and the policies and cost restraints of the organisation.

Software based North atlantic council:

The package based NAC can be straight installed straight on the devices. They are the easiest and this can be done irrespective of the devices seller. But for the better public presentation they need to be integrated with the 3rd portion contraption.

Infrastructure based NAC:

This type of NAC requires devices that already present in the web with NAC capableness such as, NAC – enabled switches, routers, waiters etc… They work with the end point agents for executing conformity cheques, security updates and redress. They are really complex to deploy but supply more scalable options.

Appliance – based North atlantic council:

They are normally called as out-of set, i.e. the users are passed via the devices for review and this demand non be done for every individual informations way. These contraptions are first-class at the station admittance cheques in order to protect from the malicious activity. They are really easy deployable but less scalable in larger environment.

Recommended solution architecture:

The recommended architecture has an NAC contraption implemented in the SAN storage.

After implementing the NAC contraption, all the connexions to the SAN web will be connected through the NAC. Hence the holla listed things will be ensured.

Each and every connexion will be authenticated before acquiring the entree.

Before acquiring the hallmark, all the policies given by the web decision maker will be authorized.

The user will be checked whether they are logging in for the first clip or an bing user.

OS spots will be checked and ensured that the user seeking to link is holding latest security spot installed.

It will look into for the Anti-virus package.

Type of connexion, whether it is wired or radio.

The users IP reference and MAC reference will be noted.

A log will be maintained for each user, with the list of the files accessed by the users.

The NAC will protect the web even the device has logged out of the web. A log will be maintained for the hereafter intent, which consists of WHO, HOW, WHAT, WHERE information ‘s of the users. Minimum of 30 yearss information will be logged. The policies can be set by the web admin besides ; there is a proviso for the web decision maker to let or deny a user who is in quarantine province. The quarantine province user will be remediated harmonizing to the province of quarantine and the entree is given to the user. Thus the NAC solves the issues in protecting the SAN storage efficaciously.



For the above discussed issues the most appropriate solution for this type of web architecture will be NAC ( Network Access Control ) . It is appropriate because a individual NAC contraption can get the better of all the issues mentioned earlier.

Recommendations / Stairss to be followed:

The first measure is to place the type of NAC ( Software, Infrastructure & A ; Appliance ) that best suits the administrations web architecture.

Choose a NAC merchandise based on the type of NAC selected in measure one.

Identify the type of seller which is low-cost and cost effectual for the organisation.

Based on assorted sellers the below tabular array shows the merchandises for different types of NAC.

Table 1: Merchandise information on assorted sellers:



Software based

Infrastructure based

Appliance based

CISCO Systems

CISCO NAC contraption, NAC waiter, NAC Manager, NAC profiler, Guest waiter

Not licensed merchandise

Full NAC solution

Not licensed merchandise


Microsoft NAP for Windowss Vista, XP SP3, Server 2008

Full NAC solution

NAC functionality but no dedicated merchandise

No solution


MNAC 3.0

Full NAC solution

No solution

NAC functionality but no dedicated merchandise

Juniper Networks

UAC Infranet accountant

Not licensed merchandise

Full NAC solution

NAC capableness is at that place but non primary focal point

Still procure

Safe entree

Full NAC Solution

No Solution

Full NAC solution

Bradford Networks

NAC Director, Campus director

NAC capableness is at that place but non primary focal point

No solution

Full NAC solution

Install the NAC contraption.

Configure the Pre- admittance and Post-admission entree controls.

Check the Quarantine and Remediation procedures.

Audit the NAC studies often for exposures.

On successful installing and execution of the NAC contraption, we will be able to protect and keep the SAN in a proper and better manner.

Share this Post!

Kylie Garcia

Hi there, would you like to get such a paper? How about receiving a customized one?

Check it out