Network Access Control during access to your corporate network

In a Virtual Private Network (VPN), each end device is a potential gateway to the central network. A personal firewall does not offer sufficient protection against hacking. In order to protect your business against industrial spying and economic crime, you have to employ various different security mechanisms which are centrally supervised and coordinated. 

From the legal perspective, too, access control has become essential in order to provide secure operation or corporate networks.

The market offers various Network Access Control (or Network Admission Control) Solutions (NAC) most of which are complex and difficult to manage. Of course, NAC is part of NCP's holistic VPN solution and it is optimized for all remote access demands.  

It is obligatory for each accessing device to verify itself to NCP's central Secure Enterprise Management. Usually, the software verifies a number of information of the client platform. The purpose of NAC is to only allow network access to devices which have been classified as safe during examination.  

Use the NCP Secure Enterprise Management in order to create NAC security policies and assign them globally, group-specifically or individually to the clients. The security policies define whether a device meets the preset requirements and whether it is allowed network access.  

NCP's Network Access Control (NAC) comprises several steps: 

  • Identification of the devices
  • Checking compliance with the corporate security policy
  • Depending on the result, the end device is allowed network access or put into quarantine
  • After compliance to the security policies is restored, the end device is allowed access to applications and the corporate network. 
  • If the end device does not comply, it is disconnected

Our NAC software operates in real time and recognizes all accessing clients. Without real time control, hackers have a host of opportunities to attack a network and to import malware. For this reason NCP's NAC solution excludes conspicuous or unknown devices from the network and puts them in quarantine.

A device in quarantine has to pass several security checks, which have been defined by the administrator previously. NCP's NAC software analyzes if, for example, current service packs, patches or up-to-date antivirus engines have been installed. Furthermore it examines services and file information as well as registry values. Based on filter rules at the VPN gateway and in the NCP Secure Enterprise Management, the NAC software constitutes an essential buffer zone ahead of the network.

This means, meeting corporate security policies is mandatory for each device while the user can neither avoid nor manipulate them.

Overview of all functions of NCP's NAC solution:

Clear identification and localization of Remote Access clients in the network.

Clear authentication of the user’s identity and / or terminals using e.g. active directory and RADIUS server (EAP).

Endpoint Policy Enforcement
This checks if remote access clients comply with the company’s security policy if e.g. the operating system is admissible, required patches are installed or the most recent antivirus engines are installed or if the most recent signature is available.

This function puts a client which does not comply with the security policy into the quarantine zone. A range of options apply in quarantine that allow the user to work in a constricted fashion or to establish client conformity by providing relevant information.

Differences to the target specification are logged and can trigger the following notifications or actions,for example:

  • Notification display at client
  • Notification output in the client log
  • Sending of a notification to the management server
  • Sending of a notification to a Syslog server
  • Activating firewall rules
  • Stopping the VPN connection

Continuous check
The check is not only carried out for the first attempt of connection establishment to the network but for each connection establishment after that. It is, furthermore, repeated in a pattern which is established in the policy.

Fast and cost-efficient implementation and administration is guaranteed as part of the integrated NCP Remote Access solution. This also means low operating costs and a fast return on investment (ROI).

Compliance requirements
NCP’s NAC solution records all security relevant information transparently and makes them available in a clear form.

High scalability
The modular software architecture of all NCP VPN components allows a tailored expansion with state-of-the-art products with inexpensive updates/upgrades.

The solution for Windows 32/64 bit operating system is currently available. PDAs, smartphones etc will be supported in the near future.

The following questions should be clarified prior to implementing a NAC solution:

  • Who may login into the network?
  • Which VPN technology shall be used where?
  • To which extent may the network be accessed?
  • Can resources potentially be grouped?
  • Were all required resources identified for the relevant groups? 
  • Which functional range is desired for which area?
  • What are the local restrictions? (physical / logical)
  • May existing data be used for authentication / authorization?