What Is Network Access Control (NAC) ? | Fortinet (2024)

Table of Contents
Network Access Control Meaning What Are the Advantages of Network Access Control? What Are the Common Use Cases for Network Access Control? Bring Your Own Device (BYOD) Internet-of-Things (IoT) devices Network Access for Non-employees What Are the Capabilities of Network Access Control? Policy Life-cycle Management Profiling and Visibility Guest Networking Access Security Posture Check Incidence Response Bi-directional integration What is the Importance of Network Access Control? Improved Security Saves Costs Automation Enhanced IT Experiences Ease of Control What Are the Types of Network Access Control? Pre-admission Post-admission Frequently Asked Questions about Network Access Control (NAC) What is network access control (NAC)? What are the advantages of network access control? What is the importance of network access control? Quick Links FAQs References
  • The Evolution of Network Access Control

What Is Network Access Control (NAC) ? | Fortinet (1) What Is Network Access Control (NAC) ? | Fortinet (2) What Is Network Access Control (NAC) ? | Fortinet (3)

Network Access Control Meaning

Network access control(NAC),also known as network admission control, is the process of restricting unauthorized users and devices from gaining access to a corporate or private network. NAC ensures that only users who are authenticated and devices that are authorized and compliant with security policies can enter the network.

As endpoints proliferate across an organization—typically driven by bring-your-own-device (BYOD) policies and an expansion in the use of Internet-of-Things (IoT) devices—more control is needed. Even the largest IT organizations do not have the resources to manually configure all the devices in use. The automated features of a NAC solution are a sizable benefit, reducing the time and associated costs with authenticating and authorizing users and determining that their devices are compliant.

Further, cyber criminals are well aware of this increase in endpoint usage and continue to design and launch sophisticated campaigns that exploit any vulnerabilities in corporate networks. With more endpoints, the attack surface increases, which means more opportunities for fraudsters to gain access. NAC solutions can be configured to detect any unusual or suspicious network activity and respond with immediate action, such as isolating the device from the network to prevent the potential spread of the attack.

Although IoT and BYOD have changed NAC solutions, NAC also serves as a perpetual inventory of users, devices, and their level of access. It serves as an active discovery tool to uncover previously unknown devices that may have gained access to all or parts of the network, requiring IT administrators to adjust security policies.

Further, organizations can choose how NAC will authenticate users who attempt to gain access to the network. IT admins can choose multi-factor authentication (MFA), which provides an additional layer of security to username and password combinations.

Restricting network access also means control of the applications and data within the network, which is normally the target of cyber criminals. The stronger the network controls, the more difficult it will be for any cyberattack to infiltrate the network.

What Are the Advantages of Network Access Control?

Network access control comes with a number of benefits for organizations:

  1. Control the users entering the corporate network
  2. Control access to the applications and resources users aim to access
  3. Allow contractors, partners, and guests to enter the network as needed but restrict their access
  4. Segment employees into groups based on their job function and build role-based access policies
  5. Protect against cyberattacks by putting in place systems and controls that detect unusual or suspicious activity
  6. Automate incident response
  7. Generate reports and insights on attempted access across the organization

What Are the Common Use Cases for Network Access Control?

Bring Your Own Device (BYOD)

With the rise of work-from-home policies, employees are increasingly relying on their personal devices to complete work-related tasks. BYOD, the policy of permitting employees to perform work using the devices they own, increases efficiency and reduces overall cost. Employees are likely more productive on devices of their choosing rather than those provided by the company.

NAC policies can be extended to BYOD to ensure that both the device and its owner are authenticated and authorized to enter the network.

Internet-of-Things (IoT) devices

Security cameras, check-in kiosks, and building sensors are just a few examples of IoT devices. Although IoT devices extend an organization's network, they also expand its attack surface. Further, IoT devices may go unmonitored or in sleep mode for long periods of time. NAC can reduce risk to these endpoints by applying defined profiling measures and enforcing access policies for different categories of IoT devices.

Network Access for Non-employees

NAC is also helpful for granting temporary access to non-employees, such as contractors, consultants, and partners. NAC can allow access to such users so they can connect to the network seamlessly without having to engage the IT team. Of course, the policies for non-employees have to be different from those of regular employees.

See Also
Guide to the Types of Access Control Models | NordLayer LearnWhat Is Access Control? | F5 LabsAccess control vulnerabilities and privilege escalation | Web Security AcademyWhat is Access Control in Cybersecurity? | NordLayer Learn

What Are the Capabilities of Network Access Control?

Policy Life-cycle Management

NAC enforces policies for all users and devices across the organization and adjusts these policies as people, endpoints, and the business change.

Profiling and Visibility

NAC authenticates, authorizes, and profiles users and devices. It also denies access to unauthorized users and devices.

Guest Networking Access

NAC enables an organization to manage and authenticate temporary users and devices through a self-service portal.

Security Posture Check

It evaluates and classifies security-policy compliance by user, device, location, operating system, and other criteria.

Incidence Response

NAC reduces the number of cyber threats by creating and enforcing policies that block suspicious activity and isolate devices without the intervention of IT resources.

See Also
What is Access Control? - Check Point Software

Bi-directional integration

NAC can integrate with other security point products and network solutions through the open/RESTful application programming interface (API).

What is the Importance of Network Access Control?

Improved Security

Because NAC provides oversight of all devices in use across the organization, it enhances security while authenticating users and devices the moment they enter the network. The ability to monitor network activity and immediately take action against unauthorized or unusual behavior means that malware threats and other cyberattacks are reduced.

Saves Costs

The automated tracking and protection of devices at scale translates into cost savings for organizations because fewer IT resources are needed. Further, blocking unauthorized access or a suspected malware attack prevents companies from suffering financial losses that may result if those activities are not thwarted.

Automation

As the number and variety of devices organizations use continue to increase, organizations cannot manually verify users and their endpoints' security policies as they attempt to enter the network. The automation features of NAC offer tremendous efficiency to the process of authenticating users and devices and authorizing access.

Enhanced IT Experiences

With seamless access, user experience is frictionless when connecting to the network. That there are controls in place working in the background gives users confidence that their IT experience is protected without any effort on their part.

Ease of Control

The visibility features of NAC effectively serve as a 24/7 inventory of all the endpoints authorized by the organization. This is helpful not only when IT needs to determine which endpoints or users have been grantedaccess to the network but also for life-cycle management, when devices must be phased out or replaced.

What Are the Types of Network Access Control?

Pre-admission

Pre-admission network access control occurs before access is granted. A user attempting to enter the network makes a request to enter. A pre-admission network control considers the request and provides access if the device or user can authenticate their identity.

Post-admission

Post-admission network access control is the process of granting authorization to an authenticated device or user attempting to enter a new or different area of the network to which they have not been granted authorization. To receive authorization, a user or device must verify their identity again.

Frequently Asked Questions about Network Access Control (NAC)

What is network access control (NAC)?

Network access control(NAC) is the process of restricting unauthorized users and devices from gaining access to a corporate or private network.

What are the advantages of network access control?

Network access control comes with a number of benefits for organizations:

  1. Control the users entering the corporate network
  2. Control access to the applications and resources users aim to access
  3. Allow contractors, partners, and guests to enter the network as needed but restrict their access
  4. Segment employees into groups based on their job function and build role-based access policies
  5. Protect against cyberattacks by putting in place systems and controls that detect unusual or suspicious activity
  6. Automate incident response
  7. Generate reports and insights on attempted access across the organization

What is the importance of network access control?

Network access control helps in many areas, but specifically provides: Improved Security, Saves Costs, Automation, Enhanced IT Experiences, and Ease of Control.

Quick Links

Free Product DemoExplore key features and capabilities, and experience user interfaces.
Resource CenterDownload from a wide range of educational material and documents.
Free TrialsTest our products and solutions.
Contact SalesHave a question? We're here to help.
What Is Network Access Control (NAC) ? | Fortinet (2024)

FAQs

What Is Network Access Control (NAC) ? | Fortinet? ›

It serves as an active discovery tool to uncover previously unknown devices that may have gained access to all or parts of the network, requiring IT administrators to adjust security policies. Further, organizations can choose how NAC will authenticate users who attempt to gain access to the network.

Continue Reading
What is the difference between NAC and VPN? ›

What is the difference between NAC and VPN? While VPNs grant remote connectivity and NAC offers in-office compliance checking, they fall short in safeguarding the mobile workforce against advanced attack tactics.

Find Out More
How does a NAC device work? ›

NAC solutions continuously verify the identity and compliance of devices and users, regardless of location or access level. These NAC solutions stringently enforce policies, allowing only authorized entities to access specific network resources and upholding the principles of a Zero Trust environment.

Know More
What is Cisco NAC used for? ›

NAC solutions help organizations control access to their networks through the following capabilities: Policy lifecycle management: Enforces policies for all operating scenarios without requiring separate products or additional modules.

See Details
What is the difference between firewall and NAC? ›

A firewall generally controls traffic by blocking non compliant traffic coming into and out of a network, and generally works off simple rule sets. NAC acts on the endpoints themselves to control traffic between devices within the network in a more flexible fashion.

Get More Info Here
What is NAC used for in networking? ›

Network access control (NAC), also known as network admission control, is the process of restricting unauthorized users and devices from gaining access to a corporate or private network.

Keep Reading
How does NAC Network Access Control work? ›

How does network access control work? Network access control discovers all the devices connected to a network, categorizes them according to their type, and acts based on preconfigured rules, protocols, and authentication factors.

Learn More Now
Is network access control necessary? ›

As risk mitigation is one of the main functions of cybersecurity, network access control serves as a cornerstone for a company-wide data security strategy.

Learn More
What are the two stages in the network access control (NAC) process? ›

Network Access Control can be configured to comply with several technical, business, and security policies. NAC typically consists of a two-stage process: authentication and authorization.

Keep Reading
When can network access control (NAC) checks occur? ›

Pre-admission control applies NAC policies before a device is granted access to the network. If the device does not meet policy conditions, it will not be admitted. Most NAC implementations use pre-admission control. Post-admission control applies NAC policies after a device has already been granted network access.

Discover More

What is the purpose of NAC? ›

N-acetyl cysteine (NAC) is used by the body to build antioxidants. Antioxidants are vitamins, minerals, and other nutrients that protect and repair cells from damage. You can get NAC as a supplement or a prescription drug.

Read On
Is NAC hardware or software? ›

Network Access Control Software Defined

Network Access Control (NAC) software prevents unauthorized users and devices from gaining access to an organization's network. NAC software authenticates users and devices and ensures that devices are compliant with corporate security policies.

Find Out More
How much does a network access control cost? ›

Top Network Access Control Solutions Comparison
Asset Discovery, Visibility & ProfilingLowest Tier Cost
NordLayer NAC✔️$7/month/user
Ivanti Policy Secure✔️Contact sales
Portnox Cloud✔️$200/month/admin
FortiNAC✔️$92/month/100 endpoints
2 more rows
Apr 15, 2024

Keep Reading
Is VPN a NAC? ›

All devices connecting to the Duke network have the Network Access Control (NAC) agent installed and pass the User-Managed scan in order to access our network from the Virtual Private Network (VPN).

Know More
What is the function of NAC network? ›

Network access control (NAC) solutions enable IT to authorize or prevent users and devices from accessing resources on the network. NAC plays an important part in delivering least-privilege access to resources that is foundational to Zero Trust Security strategies.

Continue Reading
What is a DHCP NAC? ›

DHCP (Dynamic Host Configuration Protocol) is a broadcast protocol for dynamically allocating IP addresses to computers on a network. When a client computer attempts to join a DHCP-enabled network, the client broadcasts an address request message.

Learn More Now
What does NAC stand for? ›

N-acetyl cysteine (NAC) is a supplement form of cysteine. Your body doesn't make it and it's not found in foods, but it still plays an important role. Like cysteine, NAC bonds with glutamine and glycine to form glutathione, a powerful antioxidant.

Learn More
How is NAT different from VPN? ›

Businesses can use NAT to provide multiple devices on the internal network with access to the Internet using a single public IP address, while using VPNs to provide secure remote access to the internal network for employees and contractors who work remotely.

Know More
What is the difference between Nord onion over VPN and double VPN? ›

The Double VPN feature routes your data through two separate VPN servers, encrypting your data twice for maximum protection. With the Onion Over VPN feature, you relay your data to the Onion network through a secure VPN server, ensuring that your safety even if the network is compromised.

Explore More

References

Top Articles
Corn Cheese Balls Recipe
Aubergine Zaalouk with Chickpeas and Za'atar Flatbread | Rebel Recipes
Sedano rapa: proprietà e valori nutrizionali | Donna Moderna
Sedano rapa: 10 ricette per gustarlo al meglio
Peach Cafe San Jose Ca
Avoid Oracle Verified SAM Program: Six Key Reasons
Nsu Occupational Therapy Prerequisites
Danny Koker Wife’s Korie Koker, Their Children, and his Family. - CarTvShows
H0271 059 04
USD/CAD rises above 1.3700 ahead of Core PCE inflation
Vuelo 244 Avianca Hoy
Flexibility | Sports Medicine | UC Davis Health
Latest Posts
Vegetable Barley Soup Recipe - Budget Bytes
Rajasthani Sattu Recipe | Teej Sattu| Sattu for Badi teej (kaijali teej)|Dalia sattu - Desi Fiesta
Article information

Author: Aron Pacocha

Last Updated:

Views: 5995

Rating: 4.8 / 5 (48 voted)

Reviews: 95% of readers found this page helpful

Author information

Name: Aron Pacocha

Birthday: 1999-08-12

Address: 3808 Moen Corner, Gorczanyport, FL 67364-2074

Phone: +393457723392

Job: Retail Consultant

Hobby: Jewelry making, Cooking, Gaming, Reading, Juggling, Cabaret, Origami

Introduction: My name is Aron Pacocha, I am a happy, tasty, innocent, proud, talented, courageous, magnificent person who loves writing and wants to share my knowledge and understanding with you.