The network environment is constantly changing. With millions of users, and more connecting each day through a growing number of devices such as laptops, PDAs and smartphones, the security threat increases. Network access control is a means of preventing unwanted users from gaining unwarranted access. It sets limits and requirements to ensure that only approved users are granted access to the network. For our research proposal, we used data collection and analysis of peer-reviewed articles to gather information and data on network access control: what it is, its importance in the ever-changing network environment, its significance, its architecture, and its implementation within a security plan.
As a preliminary proposal, we concluded that Network Access Control is useful in situations involving rogue access points, because a rogue access point is a vulnerability that poses a threat. Out of the many architectures, we focused on two methods of access: pre-admission and post-admission.
In network security, the access level is where it all starts. It is at the access level that users are allowed into or denied access to the network, and it is the first line of defense against malicious users. We would like to look into Network Access Control, or Network Access Security, and see if this first line of defense is able to keep up with the ever-expanding digital age and the “Internet of Things”. We would like to look at the numerous functionalities of Network Access Control and compare the results against the continuously expanding digital age. Because it is the first line of defense, it is important to determine the benefits of Network Access Control within, for example, an organization’s security plan.
Background to the Problem
With employees being the greatest threat in an information system, maintaining the first line of defense is especially important. Once the most vulnerable access level is continuously protected, then security professionals are able to focus on other sectors of network security. “Over 50% of office workers said they regularly use unsafe working practices that risk data breaches and losses, such as forwarding material to personal email accounts, checking work email on personal phones, tablets or laptops, carrying work-related data on unencrypted USB memory sticks and using cloud storage services.” Making sure every employee follows safe working practices is almost an impossible job simply because of human nature. Employees might either not realize they are creating system vulnerabilities or not realize the impact their unsafe acts have on a business’s system. Because of this, we can attempt to solve that problem with identity-based access rights.
For our research proposal, we need to collect data and information from peer-reviewed articles in order to better understand the functions and benefits of Network Access Control. Listening to academic lectures on topics of network security related to the first line of defense expanded our understanding of the important role it plays. We understand that it is not a complete security solution, but it is an aid to network security against unauthorized access to networks. The analysis of all the articles and lectures will further expand our understanding of security threats and vulnerabilities at the LAN Domain. As a group, Hakop, Patrick, Meshal and Tracy’s research tools will rely heavily on documentation review and analysis to guide our research to the proper findings of the causes and effects network access controls have on the Internet of Things. The importance of our research is that securing data is a never-ending battle and will continue to be so. Leakage of personal and private data through unauthorized access, which is a vulnerability that may be prevented so that a threat is stopped from being realized, leads to fraud, identity theft and unauthorized use of such information.
This article, titled “It’s time to repeal and replace network access control”, argues that network access control, or NAC, is outdated in the modern day. The article references the number of devices now accessing networks compared to a decade ago, as well as the number of “Internet of Things”, or IoT, devices that are available and in use today.
The author says that the network access control software from a decade ago simply cannot keep up with this new digital age. That software was not built with the expectation that hundreds of devices, mostly wireless, would be connecting to the network. The article also mentions that 41% of company workload is run through some sort of public cloud system. This means that a user can log straight into the cloud network and completely bypass the NAC in their own network, essentially rendering the NAC useless. The author suggests that NAC be replaced with software-defined perimeter technology.
Caldwell, T. (2013). Security at the data level. Network Security, 2013(5), 6-12.
With databases now in the cloud, they have increasingly become a favorite target for many. Protecting all the data all the time is not an easy thing to do. One of the biggest weaknesses in a system is the administrators and employees who have access to everything, whether by password or PIN. Because of this, to protect the system a business must make employees liable for all the data while they have access to it.
Giving those who have access to a system identity-based access rights puts a lot of pressure on the employees, because it gives the business leverage over their access by knowing who accesses what and when. If a hacker gets into the system with the account of one employee, the system logs will show exactly which employee login was used to access the database. Although this isn’t 100% foolproof, it does push employees to be a lot more careful with their login information, which in turn makes it much less likely that they will be irresponsible with it later on.
“Software Defined Perimeter – Cloud Security Alliance: Cloud Security Alliance,” n.d.
This article discusses the new network attack threats that followed the rise of cloud services, which have rendered traditional perimeter defense techniques obsolete. The Software Defined Perimeter workgroup’s approach to stopping network attacks involves a combination of dynamically provisioned connectivity, identity-based access, and device authentication. This calls for applying the model in the form of an overlay network for common enterprise applications such as remote access. With this design, the host initiating the SDP connection becomes the client, while the accepting host becomes a gateway.
The SDP client, controller, and gateway work together to create a number of security features. These include information hiding, which makes it impossible to scan for open ports since no visible ports or DNS information are given out; pre-authentication, made possible by MFA tokens in the TLS setups, which ensures that verification is performed before connectivity is granted; application layer access, which provides user access at the application layer and not at the network level; pre-authorization, which guarantees the user has privileges according to their role; and extensibility, which includes integration of SDP with other security systems.
“Outdated network security tools still rule the roost at many enterprises,” n.d.
The author discusses the potential effect of aging network security tools that have continued to be used despite advances in the surrounding technological environment. According to the author, this is the result of a lack of experienced personnel, a lack of awareness, and budgetary constraints. In the wake of an influx of newer and more sophisticated threats, enterprises should consider bolstering their internet security. VPN has, for instance, come a long way from its inception in the 1980s.
Its continued use as a security centerpiece is growing ever more precarious thanks to newer threats such as insider breaches. Insider threats have in recent years proved potent, especially when enterprises have been relying on outdated defenses. Remedying this calls for a combination of procedural and technical action, which involves management of employee privileges, activity logging, and more suitable access control. Despite the ever dynamic threats to internet security, many companies have continued to rely on outdated systems. With VPN being the primary mode of controlled network access, more than half of these companies have not updated their systems. Newer security mechanisms such as intrusion prevention systems, real-time monitoring, and next-generation firewalls are some of the modern tools that have replaced VPN and antivirus.
Dildy, T. J. (2016). Network Access Control: Has It Evolved Enough for Enterprises? ISACA Journal, 4.
The author observes that information security continues to grow and mature. As the field of technology continues to expand, there is an accompanying growth in new solutions, including techniques that help protect data from numerous kinds of attacks. Network access control is a technique for managing and securing networks. It also monitors access and controls activities on the internet once devices are connected to it.
It is important for firms to implement network access control for various reasons. The first is that Network Access Control addresses the enterprise’s BYOD (Bring Your Own Device) threats. As more employees carry their personal devices to work, there is an increased threat to the network. Network Access Control enables protection from threats that may arise from such devices. The devices may include computers, mobile phones or tablets that may run on either Android or iOS. These kinds of devices are a possible source of threats since they may not have enterprise-level antivirus/antimalware or mobile device management solutions. Most Network Access Control technical solutions are capable of supporting the major operating systems available in the market. As such, the solutions enable the detection of devices when they connect to the network, preventing likely compromise of the network’s safety. Network Access Control is therefore very useful in protecting network integrity, and it can also be helpful in cases where denial or permission is needed to access the network. Through Active Directory, devices can be either allowed or denied access to the network in Network Access Control.
Secondly, Network Access Control is important for delivering role-based network access. It can be very taxing to deal with huge numbers of devices or share permissions in large organizations. However, Network Access Control product solutions offer an opportunity to manage all the permissions that may be required for the network storage folders. Thirdly, Network Access Control reduces the risk from Advanced Persistent Threats. Although NAC may not provide a solution that enables detection of and protection from Advanced Persistent Threats, it is capable of stopping the attack source from gaining access to the network. Therefore, with a proper implementation of Network Access Control, organizations are able to be in control of both the network and the devices that may be connected to it, especially when the number of devices is large.
Implementing Network Access Control benefits an organization because it helps prevent non-listed or unregistered devices from accessing the network. Similarly, NAC has audit logs that enable identification of empty ports and subsequently indicate whether they are turned on or off, so that they can be taken offline to prevent anyone from mistakenly connecting to them. Additionally, devices that are not supposed to be on the network but are plugged in can be detected by NAC and subsequently removed. NAC also integrates with other solutions such as firewalls, thereby improving the overall network security of the organization. Such a feature helps minimize possible breaches of the organization’s network, keeping it safe.
Lakbabi, A., Orhanou, G., & Hajji, S. E. (2013). Network Access Control Technology-Proposition to contain new security challenges. arXiv preprint arXiv:1304.0807.
The authors explain that the Network Access Control mechanism has two types of assessment: user authentication and device compliance evaluation. Network Access Control consists of authentication, endpoint compliance, and remediation and policy enforcement. Authentication serves to validate a user’s identity before they gain access to the network. NAC is therefore a critical solution for controlling endpoint system access, owing to its user identity feature and its user assessment ability. NAC plays a critical role in developing centralised, multilayered security for the network. Consequently, the multilayered security only allows the Network Access Control servers to become policy decision points. It enables the integration of separate security products in the network due to its solution implementation. Additionally, NAC leverages directory functions, network infrastructure devices and endpoint security software in providing network security.
NAC provisions secure access to the network for each user as well as for endpoint devices. Most of the solutions NAC provides to the network entail user authentication features. Others include endpoint compliance and remediation. Therefore, the user identity can be authenticated for any device that connects to the network. As such, NAC brings identity awareness as well as compliance awareness to access control and segmentation right in the centre of the network, making it a central security manager. Further, NAC has a feature that enables it to conduct an analysis of the mechanisms for sharing security events through a standard protocol. It therefore enables access to location and user device, and can use applications to elaborate better firewalls that would prevent attacks on the network.
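The sequence described above (authentication, endpoint compliance, remediation, policy enforcement) can be sketched as a small policy decision point; this is an added example, not code from the cited papers. The directory contents, segment names and posture fields are constructed assumptions for illustration.

```python
from dataclasses import dataclass

# Constructed sample data (hypothetical names, not from the cited papers).
USERS = {"alice": "staff", "bob": "contractor"}   # directory: user -> role
REGISTERED = {"aa:bb:cc:00:00:01": "alice", "aa:bb:cc:00:00:02": "bob"}  # MAC -> owner
ROLE_SEGMENT = {"staff": "vlan-corp", "contractor": "vlan-restricted"}
REMEDIATION_SEGMENT = "vlan-remediation"

@dataclass
class Endpoint:
    mac: str
    user: str
    authenticated: bool       # outcome of the user authentication step
    antivirus_current: bool   # endpoint compliance facts reported by the device
    os_patched: bool

def decide(ep: Endpoint, audit: list) -> tuple:
    """Return (action, segment) and append an identity-bearing audit record."""
    reasons = []
    # 1. Authentication: identity must be validated and known to the directory.
    if not ep.authenticated or ep.user not in USERS:
        reasons.append("user authentication failed")
    # 2. Device registration: unlisted devices are kept off the network.
    elif REGISTERED.get(ep.mac.lower()) != ep.user:
        reasons.append("device not registered to this user")
    if reasons:
        action, segment = "deny", None
    else:
        # 3. Endpoint compliance: failures lead to remediation, not full access.
        if not ep.antivirus_current:
            reasons.append("antivirus out of date")
        if not ep.os_patched:
            reasons.append("operating system missing patches")
        if reasons:
            action, segment = "quarantine", REMEDIATION_SEGMENT
        else:
            # 4. Policy enforcement: the user's role decides the segment.
            action, segment = "allow", ROLE_SEGMENT[USERS[ep.user]]
    audit.append({"user": ep.user, "mac": ep.mac, "action": action,
                  "segment": segment, "reasons": reasons})
    return action, segment

def demo() -> list:
    """Run three constructed admission requests and return the audit trail."""
    audit = []
    decide(Endpoint("aa:bb:cc:00:00:01", "alice", True, True, True), audit)
    decide(Endpoint("AA:BB:CC:00:00:02", "bob", True, False, True), audit)
    decide(Endpoint("de:ad:be:ef:00:09", "alice", True, True, True), audit)
    return audit
```

Calling `decide` again on an already admitted endpoint whose posture has changed gives the post-admission re-check, and the audit list records which login and device each decision applied to.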
- 3 Campus WiFi Challenges That Can be Solved Using Network Access Control. (n.d.). Retrieved from https://www.securedgenetworks.com/blog/3-campus-wifi-challenges-that-can-be-solved-using-network-access-control
- It’s time to repeal and replace network access control — GCN. (n.d.). Retrieved from https://gcn.com/articles/2017/03/28/software-defined-perimeter.aspx
- Outdated network security tools still rule the roost at many enterprises. (n.d.). Retrieved from http://blog.trendmicro.com/outdated-network-security-tools-still-rule-the-roost-at-many-enterprises/
- Software Defined Perimeter – Cloud Security Alliance : Cloud Security Alliance. (n.d.). Retrieved from https://cloudsecurityalliance.org/group/software-defined-perimeter/#_overview
- Caldwell, T. (2013). Security at the data level. Network Security, 2013(5), 6-12. (from Background Problem)
- Dildy, T. J. (2016). Network Access Control: Has It Evolved Enough for Enterprises? ISACA Journal, 4. Retrieved from: https://www.isaca.org/Journal/archives/2016/volume-4/Pages/network-access-control-has-it-evolved-enough-for-enterprises.aspx
- Lakbabi, A., Orhanou, G., & Hajji, S. E. (2013). Network Access Control Technology-Proposition to contain new security challenges. arXiv preprint arXiv:1304.0807. Retrieved: http://file.scirp.org/pdf/IJCNS20120800007_23430945.pdf