Your current perimeter solution can bring a lot of value to your organisation by defending against threats and attacks at the perimeter. However, given the sophistication of today's attackers, systems tend to be compromised from the internal network. Hence, a Network Access Control (NAC) tool can be useful in order to connect end users with the right authentication. It can be tempting to purchase an off-the-shelf NAC product and install it on your hardware. This could be catastrophic to your network security, as the solution is not tailored to your network or to its intended use. Implementing an appropriate NAC takes the steps necessary to plug any vulnerabilities in the network, and so saves the organisation the valuable time and money it would otherwise spend on detecting and recovering from threats. This article aims to give any network security professional a step-by-step guideline for designing and planning an entire NAC solution.
Steps to Implement a NAC Solution
1. Survey your network
It is recommended to perform a survey of all the endpoints within your network. This should include, but is not limited to, all your servers, network devices, user PCs, and any piece of equipment that has a leg in your network and is able to access your digital resources. Without this kind of information, the NAC would struggle to protect the entire organisation, and the system admins would need to spend a lot of their time and energy on implementation and troubleshooting.
2. User Identities
You must have a solid plan for how you will manage user credentials and identities within the organisation. Your internal directory system should be able to verify user identities. All users should be manageable and have their account details on record. After setting up all the account details and understanding the role of each user, you can move to the next step and determine how permissions or roles will be allocated.
3. Designing policies
Create permission policies using the Principle of Least Privilege (PoLP). This means you should grant only the minimum level of access required for individual users to perform their daily duties. This is one of the most critical steps, as you do not want to open your systems up to attack through small security gaps that you are not even aware of. Bring all teams together and agree on a concrete structure in which everyone is able to access the network securely.
4. Apply Permissions
Once the permissions are determined, you can get the permission policies ready by integrating your existing directory system or importing your permission policies directly. All valid users will be registered in the NAC system, and all activities can be recorded and tracked. Illegitimate access will be blocked at the edge of your network.
5. Maintaining policies
Managing network access controls is not a one-off activity. Because staff and the network change constantly, network admins must continuously monitor security operations and adjust policies based on business requirements and the evolution of the network.
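The five steps above can be seen working together in the following sketch, which is an added example and not code from any NAC product. The inventory, directory export, role names and resource names are all constructed, hypothetical sample data.

```python
from dataclasses import dataclass

# Constructed sample data; every name below is hypothetical.
INVENTORY = {  # step 1: surveyed endpoints, keyed by MAC address
    "aa:bb:cc:00:00:01": "laptop-fin-01",
    "aa:bb:cc:00:00:02": "laptop-eng-07",
}
DIRECTORY = {  # step 2: user -> role, as exported from the directory
    "alice": "finance",
    "bob": "engineering",
    "carol": "contractor",
}
POLICY = {  # step 3: least privilege, role -> only the resources it needs
    "finance": {"erp", "mail"},
    "engineering": {"git", "mail"},
    "hr": {"hris", "mail"},
}

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str

AUDIT_LOG = []  # step 4: every decision, allow or deny, is recorded

def authorize(user, mac, resource):
    """Default deny: needs a surveyed endpoint, a known user and an explicit grant."""
    role = DIRECTORY.get(user)
    if mac not in INVENTORY:
        decision = Decision(False, "unknown endpoint")
    elif role is None:
        decision = Decision(False, "unknown user")
    elif resource not in POLICY.get(role, set()):
        decision = Decision(False, f"role '{role}' has no grant for '{resource}'")
    else:
        decision = Decision(True, f"granted via role '{role}'")
    AUDIT_LOG.append((user, mac, resource, decision))
    return decision

def policy_drift():
    """Step 5: roles in use that have no policy, and policies no user holds."""
    in_use = set(DIRECTORY.values())
    defined = set(POLICY)
    return {"roles_without_policy": sorted(in_use - defined),
            "unused_policies": sorted(defined - in_use)}
```

Running `policy_drift()` periodically against fresh directory and inventory exports is one way to catch the staff and network changes that step 5 describes.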
How to choose a Network Access Control solution
As discussed earlier, today’s NAC products aim to cover a wide range of use cases to boost the overall security of your enterprise. That can make it challenging to find the right solution for your company, especially if you don’t know what your internal security weaknesses are.