13.1. Making the Case

A standards-based NAC solution, whether it relies on industry standards or proprietary ones, can integrate existing or new technologies and products and leverage them to control device security and network access. At the same time, it can bring together the organizational groups and disciplines that manage and deploy those technologies and products.

  • A standard can emphasize or ensure interoperability between existing or new network components.

  • When you use an interoperable standard with other technologies and products, it can help to ensure that any new technology or product that your organization selects works seamlessly with the standard and with the products you have already deployed.

You and your organization need to determine what value a given technology or product, whether it uses industry or proprietary standards, offers to your business. The following sections cover the considerations that you must weigh to determine whether to use a standards-based solution.

13.1.1. Costs

Standards enable technologies to be open and accessible, and they can provide you the ability to choose from several different vendors. So, a NAC solution based on open industry standards, as discussed in this book, can decrease total cost of ownership, while at the same time enabling you to choose the product or technology that you want to use and integrate.

13.1.2. Integration

NAC solutions integrate user-, device-, and network-related security and access control technologies. These technologies include

  • Authentication, authorization, and accounting (AAA)

  • Endpoint device integrity and security

  • Network policy management and enforcement

  • Quarantine and remediation

A NAC solution that leverages industry standards can usually facilitate the integration and interoperability of disparate or similar technologies. This can decrease the total cost of your NAC solution.


13.1.3. Organization linking

A NAC solution links the various departments or disciplines within an organization that manage different aspects of the network and internal infrastructure. For example, a NAC solution may link the teams that manage and administer

  • Network operations and administration

  • Security operations

  • Desktop management

  • RADIUS or identity management

  • Compliance

13.1.4. Filling the roles

Many open, industry-adopted, market-proven standards can play integral roles in your NAC implementation and deployment.

You also can find burgeoning open standards for NAC, as well as several proprietary standards in the NAC market.

13.1.4.1. Industry standards

NAC solutions may include industry standards that deliver robust authentication capabilities:

  • Remote Authentication Dial-In User Service (RADIUS): In use extensively in networks worldwide for its powerful authentication abilities.

    NOTE

    RADIUS is a standard that the Internet Engineering Task Force (IETF) created and approved first for use in dial-up networks. Dial-in networks used to be prevalent, and anyone who wanted to communicate with another person by computer had to either

    • Connect to an electronic bulletin board or CompuServe.

    • Send e-mail by using a modem on their PC to dial into a modem pool, via a Telnet or other access telephone number, at their Internet service provider (ISP).

  • Simple Network Management Protocol (SNMP): Assists in the challenges of network management and provides a communications vehicle between networked devices.

    Some NAC solutions use SNMP to deliver access control.


  • Dynamic Host Configuration Protocol (DHCP): Used to deliver the configuration parameters that enable endpoint devices to operate over an Internet Protocol (IP) network.

13.1.4.2. A basket of standards

Some open standards are a collection of standards and technology protocols combined by the standards organization to address a specific issue or problem.

For example, Internet Protocol Security (IPSec) is a collection of different open standards that IETF has created by combining Requests for Comments (RFCs), delivering a set of protocols that enable protected communications over an IP network.


13.1.4.3. Leveraged standards

Open industry standards leverage other standards to deliver a complete solution to a problem.

The 802.1X standard is for port-based network access control. It integrates RADIUS with the Extensible Authentication Protocol (EAP), a secure, flexible framework from the IETF that ensures the secure passing of data between the components of an 802.1X-compliant network.

In a network based on the 802.1X standard, RADIUS and EAP provide port-based network access control that has strong, durable authentication and security.
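To make the layering concrete, the following added example (not from the book) builds the RADIUS Access-Request that an 802.1X authenticator relays when a supplicant answers EAP-Request/Identity, then parses it as a RADIUS server would, checking the Message-Authenticator that RFC 3579 requires alongside EAP-Message. The shared secret, identity, and function names are constructed for illustration.

```python
import hashlib, hmac, os, struct

# RADIUS attribute types and codes (RFC 2865 / RFC 3579); EAP codes (RFC 3748)
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80
ACCESS_REQUEST, EAP_RESPONSE, EAP_TYPE_IDENTITY = 1, 2, 1

def attr(attr_type, value):
    """Encode one RADIUS attribute: type, length (header included), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(secret, identity, pkt_id=1):
    """Packet an authenticator (switch or AP) relays for an EAP-Response/Identity."""
    eap = struct.pack("!BBHB", EAP_RESPONSE, 1, 5 + len(identity), EAP_TYPE_IDENTITY) + identity
    attrs = attr(USER_NAME, identity) + attr(EAP_MESSAGE, eap) + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    pkt = struct.pack("!BBH", ACCESS_REQUEST, pkt_id, 20 + len(attrs)) + os.urandom(16) + attrs
    # HMAC-MD5 over the whole packet, computed with the field zeroed (RFC 3579)
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()

def parse_and_verify(secret, pkt):
    """Server side: walk the attributes, check integrity, return the EAP identity."""
    if len(pkt) < 20:
        raise ValueError("short packet")
    code, pkt_id, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("length mismatch")
    pos, eap, mac_off = 20, b"", None
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("malformed attribute")
        attr_type, attr_len = pkt[pos], pkt[pos + 1]
        if attr_type == EAP_MESSAGE:          # long EAP packets span several attributes
            eap += pkt[pos + 2:pos + attr_len]
        elif attr_type == MESSAGE_AUTHENTICATOR and attr_len == 18:
            mac_off = pos + 2
        pos += attr_len
    if len(eap) < 5 or mac_off is None:       # RFC 3579: EAP-Message requires Message-Authenticator
        raise ValueError("EAP-Message or Message-Authenticator missing")
    zeroed = pkt[:mac_off] + bytes(16) + pkt[mac_off + 16:]
    if not hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), pkt[mac_off:mac_off + 16]):
        raise ValueError("Message-Authenticator mismatch")
    eap_code, eap_id, eap_len, eap_type = struct.unpack("!BBHB", eap[:5])
    if eap_len != len(eap) or (eap_code, eap_type) != (EAP_RESPONSE, EAP_TYPE_IDENTITY):
        raise ValueError("not an EAP-Response/Identity")
    return {"radius_code": code, "radius_id": pkt_id, "identity": eap[5:]}

if __name__ == "__main__":
    SECRET = b"constructed-shared-secret"   # constructed sample values
    request = build_access_request(SECRET, b"alice@example.org")
    print(parse_and_verify(SECRET, request))
```

A packet whose attributes were altered in transit, or that was built with a different shared secret, fails the Message-Authenticator check and is rejected before the EAP payload is interpreted.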

13.1.4.4. Groupies

Some standards have been created and approved by groups of individuals or organizations who agree that the defined specifications or guidelines address a specific challenge or solve a particular problem, such as network access control and network security:

  • The Trusted Computing Group (TCG) — a not-for-profit organization created to develop, define, and promote open, accessible standards for trusted computing and security technologies — formed the Trusted Network Connect Work Group (TNC-WG) for this purpose.

    The TNC-WG of the TCG has created and continues to develop an open set of standards and an architecture that serves as the foundation for open, standards-driven, interoperable NAC solutions.

  • The IETF's Network Endpoint Assessment Working Group (NEA WG) has the charter of developing standards for network access control.
