Utilizing NAC Policy to Deal with Smartphone Access Control

By CIOReview | Tuesday, September 13, 2016

Mobile devices such as smartphones and tablets have reshaped today's computing world with a wide array of features, from basic Wi-Fi and Bluetooth connectivity to NFC. With the introduction of BYOD (bring your own device) and CYOD (choose your own device), however, security has become a major concern for organizations. Employee-owned devices on enterprise networks are creating demand for Network Access Control (NAC) solutions that deliver the whole chain of mobile access control, from authentication through access control enforcement to endpoint security, and that immediately deny access to devices that fail to comply with the rules.

NAC Policy for Mobile Devices

Organizations want a secure and scalable NAC solution that lets the digital workspace be reached only from trusted mobile devices. NAC checks each device that connects to the network against a set of published policies and admits or rejects it based on the device's characteristics and the policy. The combination of NAC, MDM (mobile device management) and MAM (mobile application management) forms a substantial enterprise mobility framework. NAC solutions can also leverage MDM to deliver email, calendar and Wi-Fi access for BYOD devices, for example by treating MDM enrollment as a condition of access.

NAC policy aims to deliver effective security controls while helping organizations resolve concerns about application privacy, usage policy, and application support.

The primary steps in NAC policy include:

• Assess–The first step is to identify the devices that access the network and gather data about them: endpoint health (OS version and patch level, encryption, screen lock, security software), user identity, and endpoint identity (such as the device's MAC address or certificate). Assessment is done either by running a remote scan of the endpoint or by installing an agent on it that reports its state.

• Evaluate–Evaluation determines what kind of network access each device should be granted. It compares the information gathered during assessment with the NAC policy to determine the maximum level of network access to grant. Policies vary across groups, so the same device posture can lead to different outcomes for an employee, a contractor, and a guest.

• Enforce–Enforcement applies the decision made during evaluation: the device receives exactly the level of network access that was granted, and no more. The access level is enforced at the network edge, through wireless access points and firewalls (for example by assigning the device to a VLAN and applying an access list).

Ongoing monitoring (of endpoint behavior and health) and remediation (fixing the problems that monitoring or assessment uncovers, after which the device is re-evaluated) are also part of NAC policy.
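The three steps plus monitoring, as a worked example. This is an added illustration written for this page, not code from the article or from any NAC product: the group names, posture checks, minimum OS versions, VLAN numbers and ACL strings are assumed values, and the sample endpoint is constructed. Assessment data arrives as an Endpoint record (filled in by an agent or a remote scan); evaluate() compares it with the group's policy, enforce() turns the decision into what the edge device is told, and monitor() re-runs the loop on a fresh assessment.

```python
"""Toy NAC policy engine for the assess -> evaluate -> enforce -> monitor loop.
Added example, not code from the article or any NAC product: group names,
posture checks, minimum OS versions, VLANs and ACL strings are assumed values."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Tuple


class Access(Enum):
    DENY = "deny"              # no network at all
    QUARANTINE = "quarantine"  # remediation VLAN only
    LIMITED = "limited"        # email/calendar/Internet, no internal servers
    FULL = "full"


@dataclass
class Endpoint:
    """Output of the Assess step (agent or remote scan): endpoint identity,
    user identity and endpoint health."""
    mac: str
    user: str
    group: str                 # assumed groups: employee, contractor, guest
    os: str                    # "iOS" or "Android"
    os_version: Tuple[int, int]
    mdm_enrolled: bool
    disk_encrypted: bool
    screen_lock: bool
    rooted: bool               # jailbroken / rooted


# Policy varies by group: which posture checks apply, and the most access the
# group can receive even with a perfect posture.
POLICY: Dict[str, dict] = {
    "employee":   {"max": Access.FULL,    "checks": {"mdm", "encryption", "screen_lock", "os_version"}},
    "contractor": {"max": Access.LIMITED, "checks": {"screen_lock", "os_version"}},
    "guest":      {"max": Access.LIMITED, "checks": set()},
}
MIN_OS = {"iOS": (9, 0), "Android": (6, 0)}   # assumed minimum versions

# What the access point / firewall is told for each level: VLAN plus a
# Cisco-style ACL (hosts and ranges assumed).
ENFORCEMENT = {
    Access.FULL:       {"vlan": 10, "acl": ["permit ip any any"]},
    Access.LIMITED:    {"vlan": 20, "acl": ["permit tcp any host 10.0.0.25 eq 443",   # mail/calendar gateway
                                            "deny ip any 10.0.0.0 0.255.255.255", "permit ip any any"]},
    Access.QUARANTINE: {"vlan": 99, "acl": ["permit tcp any host 10.0.99.5 eq 443",   # remediation server
                                            "deny ip any any"]},
    Access.DENY:       {"vlan": None, "acl": ["deny ip any any"]},
}


def evaluate(ep: Endpoint) -> Tuple[Access, List[str]]:
    """Evaluate: compare assessed data with the group's policy; return the level
    to grant and the reasons for anything below the group maximum."""
    policy = POLICY.get(ep.group)
    if policy is None:
        return Access.DENY, ["unknown group"]
    if ep.rooted:                          # hard fail for every group
        return Access.DENY, ["rooted/jailbroken device"]
    checks, failures = policy["checks"], []
    if "mdm" in checks and not ep.mdm_enrolled:
        failures.append("not enrolled in MDM")
    if "encryption" in checks and not ep.disk_encrypted:
        failures.append("storage not encrypted")
    if "screen_lock" in checks and not ep.screen_lock:
        failures.append("no screen lock")
    if "os_version" in checks and ep.os_version < MIN_OS.get(ep.os, (0, 0)):
        failures.append("OS below minimum version %s" % (MIN_OS[ep.os],))
    if failures:                           # fixable problems -> remediation network
        return Access.QUARANTINE, failures
    return policy["max"], []


def enforce(ep: Endpoint, access: Access) -> dict:
    """Enforce: turn the decision into the VLAN and ACL applied at the edge."""
    return {"mac": ep.mac, "access": access.value, **ENFORCEMENT[access]}


def admit(ep: Endpoint) -> dict:
    """Evaluate + enforce, keeping the reasons so remediation can tell the user what to fix."""
    access, reasons = evaluate(ep)
    return {**enforce(ep, access), "reasons": reasons}


def monitor(previous: dict, fresh: Endpoint) -> Tuple[bool, dict]:
    """Ongoing monitoring: re-admit on a fresh assessment and report whether
    enforcement changed (remediated device promoted, degraded device pulled back)."""
    current = admit(fresh)
    return current["access"] != previous["access"], current


if __name__ == "__main__":
    # Constructed sample: an employee phone whose storage is not yet encrypted.
    phone = Endpoint("00:11:22:33:44:55", "alice", "employee", "iOS", (10, 2), True, False, True, False)
    first = admit(phone)                    # quarantine, VLAN 99, reason "storage not encrypted"
    phone.disk_encrypted = True             # user remediates; monitoring re-evaluates
    print(first["access"], monitor(first, phone))
```

Two design points worth noticing. A fixable posture failure lands the device in quarantine rather than denying it outright, so remediation has a network to happen on, while a rooted device or an unknown group is denied regardless of how good the rest of the posture looks. And the enforcement output is plain data (a VLAN and an ACL) that the access point or firewall consumes; the edge never sees the policy itself, which is what lets the policy change without touching the network hardware.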

Addressing NAC Issues in Devices

Some smartphones and tablets cannot run a NAC client, so they cannot be assessed through an agent and do not directly meet the requirements for joining the NAC-controlled network. Two approaches are used to give such devices access: a captive portal, and whitelisting the device's MAC address.

The captive portal approach is a wireless feature typically used for guest networks. When a user tries to connect with a device, the NAC device intercepts the device's network traffic and redirects it to an authentication page. Once the user is accepted, the device is allowed onto the network with the appropriate level of access. Two caveats apply in practice. Some devices have trouble with portals: they either fail to detect the portal or do not pick up the correct DHCP configuration even after authenticating, and end up connected to the network but unable to use it. And a portal authenticates a user, not a device's posture: the resulting session is tied to the device's MAC or IP address and tells the NAC nothing about whether the device is patched or encrypted.

Filtering on the MAC addresses of approved wireless devices is the alternative. IT staff record the MAC address of each newly deployed device and add it directly to the NAC system, which then admits only known addresses. The approach is simple, but a MAC address is not a credential: it is transmitted in the clear and can be set to any value by the user of an ordinary laptop or phone, so a whitelist identifies a device only against a non-hostile user. Modern mobile operating systems also randomize the Wi-Fi MAC address per network by default, so a whitelist built from a device's burned-in address may stop matching the device.
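Both agentless paths in one worked example, covering the captive portal and the MAC whitelist together. This is an added illustration for this page, not code from the article or any product. The portal host, whitelist entries, user database and client MAC addresses are constructed; the three OS connectivity probes are the real URLs those operating systems request on joining a network. The whitelist is normalized so that entries pasted in different formats still match, and a locally-administered-bit check flags randomized MACs that will never match a burned-in address; the gateway intercepts HTTP from unknown clients, keeps the portal itself reachable, and ties the session to the client MAC, which is also its main weakness.

```python
"""Agentless admission path for smartphones that cannot run a NAC client: a
MAC whitelist first, a captive portal for everything else. Added example, not
code from the article or any NAC product. The portal host, whitelist entries,
user database and client MACs are constructed for the demonstration."""
import re
from typing import Dict, Set

PORTAL_HOST = "nac.example.com"                 # assumed captive-portal host
PORTAL_URL = "https://%s/login" % PORTAL_HOST

# Connectivity probes the major OSes send when they join a network. The OS
# shows its sign-in sheet only if the probe is intercepted instead of answered.
PROBES = {
    ("captive.apple.com", "/hotspot-detect.html"),
    ("connectivitycheck.gstatic.com", "/generate_204"),
    ("www.msftconnecttest.com", "/connecttest.txt"),
}


def normalize_mac(mac: str) -> str:
    """Accept aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF, aabb.ccdd.eeff or bare hex
    and return the lower-case colon form, so lookups do not depend on how IT
    staff typed the address into the whitelist."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac: str) -> bool:
    """Bit 1 (0x02) of the first octet marks a locally administered address.
    Randomized Wi-Fi MACs set this bit, so a device using one will never match
    a whitelist built from its burned-in address; flag it for the help desk."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


# Constructed whitelist, in the mixed formats that turn up in practice.
WHITELIST: Set[str] = {normalize_mac(m) for m in ["00-11-22-33-44-55", "AABB.CCDD.EEFF"]}
USERS = {"alice": "demo-password"}              # constructed credential store


class Gateway:
    """Minimal captive-portal gateway. Admission is keyed on the client MAC,
    which is also its weakness: whoever presents that MAC inherits the access."""

    def __init__(self) -> None:
        self.sessions: Dict[str, str] = {}      # mac -> authenticated user

    def is_admitted(self, client_mac: str) -> bool:
        mac = normalize_mac(client_mac)
        return mac in WHITELIST or mac in self.sessions

    def handle_http(self, client_mac: str, host: str, path: str) -> Dict[str, object]:
        """What the gateway does with one HTTP request from a client."""
        if self.is_admitted(client_mac):
            return {"action": "forward"}        # upstream answers; probes succeed
        if host == PORTAL_HOST:
            return {"action": "portal"}         # the login page itself stays reachable
        # Not yet authenticated: intercept. Browsers follow the 302 to the portal,
        # and an OS probe that gets a 302 instead of its expected answer raises the sheet.
        return {"action": "redirect", "status": 302,
                "location": "%s?continue=http://%s%s" % (PORTAL_URL, host, path)}

    def os_shows_portal(self, client_mac: str, host: str, path: str) -> bool:
        """True if this request is an OS probe and the device would display the
        captive-portal sheet (the probe was intercepted, not forwarded). A gateway
        that lets probe hosts through unauthenticated makes the OS believe it is
        online, so the sheet never appears: 'connected but nothing works'."""
        return (host, path) in PROBES and self.handle_http(client_mac, host, path)["action"] != "forward"

    def login(self, client_mac: str, user: str, password: str) -> bool:
        """Portal login: on success the client MAC is admitted for this session."""
        if USERS.get(user) != password:
            return False
        self.sessions[normalize_mac(client_mac)] = user
        return True


if __name__ == "__main__":
    gw = Gateway()
    print(gw.handle_http("de:ad:be:ef:00:01", "connectivitycheck.gstatic.com", "/generate_204"))
    print(gw.login("de:ad:be:ef:00:01", "alice", "demo-password"))
    print(gw.handle_http("DE-AD-BE-EF-00-01", "example.com", "/"))   # forward: same MAC, other format
    print(is_locally_administered("da:a1:19:00:00:01"))              # True: randomized-style address
```

Note what the gateway can and cannot know. After login, any frame carrying the admitted MAC is forwarded, so a second device that copies the address is admitted too, and nothing in this path inspects the device's posture. That is the trade-off of the agentless route: it decides who may connect, not whether the device is healthy.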

Network access control needs to cover an ever broader range of devices so that infected devices cannot easily penetrate a healthy network. Enterprises should use NAC to provide flexibility and to adapt to inevitable network changes, and should build a secure wireless infrastructure, since NAC can only enforce policy effectively on a network where it can reliably identify and control each connecting device.