What is identity-based NAC?
Identity-based NAC focuses on the identity of the user—the “who”—as the principal means of making an access control decision. This provides much more secure and accurate access control than solutions that determine access solely based on the device that’s trying to gain access, such as a laptop or desktop computer, which is often used by different people at different times.
Why is an identity-based NAC approach important?
Most other approaches focus on checking patches and other host security controls. They do this by scanning the device or by using an agent resident on the host. While this is valuable, it doesn’t add much beyond the capabilities of the host security alone. Identity-centric NAC allows users to be placed in particular partitions of the network, which addresses several emerging business problems such as guest management, role-based segmentation, and regulatory compliance.
How does the Identity Engines NAC solution compare with Cisco, Microsoft, & Juniper NAC initiatives?
The Cisco, Juniper, and Microsoft NAC initiatives all assume that you use their products for some significant element of your infrastructure: for Microsoft, the servers and workstations; for Cisco, the switches, routers, VPN gateways, WLAN APs, AAA servers, and client supplicant; for Juniper, their client supplicant, firewalls, and AAA servers.
Identity Engines NAC affords compatibility with all types of vendor equipment, and our system supports NAC standards as they emerge beyond the current RADIUS, 802.1X, and EAP. Furthermore, only Ignition™ has the policy flexibility and directory integration necessary to support today’s NAC policies as well as tomorrow’s.
Why is vendor-neutral NAC important?
The standards for NAC are still emerging, so whatever NAC you deploy should be flexible enough to meet those standards as they emerge.
Networks and computing in general are by their very definition heterogeneous since they are built over time and no one vendor can supply everything your network needs. The techniques by which you authenticate and authorize access to those computing resources must be heterogeneous as well to afford the most flexibility in deployment and operation—it just doesn’t make sense to be locked in with only one vendor.
How does the Identity Engines solution fit into existing NAC frameworks?
The Identity Engines solution can act as an entire user-centric NAC solution in itself, or it can augment the limited policy capabilities of alternate NAC approaches. In the latter role, Ignition provides policy services and authentication focused on the user through rich integration with an organization’s current back-end directory stores. This allows access decisions based on country of citizenship, job title, location, and a host of other attributes, mixed in whatever combination makes sense for an organization.
Want a policy that only lets accounting users on the financial system during business hours, and only when coming in via the wired network? With Ignition™, such a policy is just a few mouse clicks away. With other solutions, such a policy is cumbersome, if indeed it can be configured at all.
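The accounting policy described above can be sketched as a default-deny attribute check. This is an added example, not Identity Engines code or Ignition configuration; the dictionary that stands in for the directory store, the field names, the 09:00-17:00 hours and the fixed UTC-5 site offset are all assumptions, while the NAS-Port-Type values are the standard RADIUS ones.

```python
from datetime import datetime, time, timedelta, timezone

# RADIUS NAS-Port-Type: 15 = Ethernet (wired), 19 = Wireless-IEEE 802.11.
WIRED_PORT_TYPES = {15}

# Assumed policy values. A fixed UTC-5 offset keeps the example
# dependency-free; a real deployment would use a tz database zone.
POLICY = {
    "resource": "financial-system",
    "department": "accounting",
    "tz": timezone(timedelta(hours=-5)),
    "open": time(9, 0),
    "close": time(17, 0),
    "weekdays": range(0, 5),  # Monday..Friday
}

# Constructed sample data standing in for a back-end directory store.
SAMPLE_DIRECTORY = {
    "alice": {"department": "Accounting"},
    "bob": {"department": "Engineering"},
}

def decide(request, directory, now, policy=POLICY):
    """Return (allow, reason). Missing or unexpected attributes deny."""
    if request.get("resource") != policy["resource"]:
        return False, "no rule for resource"
    user = directory.get(request.get("user_name"))
    if user is None:
        return False, "unknown user"
    if user.get("department", "").lower() != policy["department"]:
        return False, "wrong department"
    # An absent NAS-Port-Type is treated like wireless: fail closed.
    if request.get("nas_port_type") not in WIRED_PORT_TYPES:
        return False, "not wired"
    if now.tzinfo is None:
        return False, "naive timestamp"  # refuse to guess the time zone
    local = now.astimezone(policy["tz"])
    if local.weekday() not in policy["weekdays"]:
        return False, "outside business days"
    if not (policy["open"] <= local.time() < policy["close"]):
        return False, "outside business hours"
    return True, "ok"
```

Every branch that cannot positively confirm an attribute returns a deny, so a switch that omits NAS-Port-Type or a directory record without a department never results in access.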
Still have unanswered questions? Let us put you in touch today with a solutions specialist who can answer all your questions about Identity Engines' solutions for Network Access Control.