This page is fully or partially automatically translated.

Send message to

Do you want to send the message without a subject?
Please note that your message can be maximum 1000 characters long
Special characters '<', '>' are not allowed in subject and message
reCaptcha is invalid.
reCaptcha failed because of a problem with the server.

Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

Header of macmon secure GmbH
Forums it-sa Expo Knowledge Forum D

NAC: A compact overview of approaches and solutions

Learn approaches to enforcing NAC policies and their benefits

calendar_today Tue, 10.10.2023, 14:45 - 15:00

event_available On site

place Forum, Booth 7A-106

Action description

south_east

Speaker

south_east

Themes

Cloud Security Endpoint Protection Network Security / Patch Management

Key Facts

  • 20 years of NAC experience
  • Diverse NAC approaches
  • Holistic solution

Event

This action is part of the event Forums it-sa Expo

Action description

With its Network Access Control (NAC) solution, macmon secure GmbH has been offering companies in all industries a simple way to secure their networks for 20 years. NAC is an important part of a comprehensive security concept and is designed from the outset to cooperate with other security solutions. Our product supports the requirements of various certifications and legal claims such as the IT basic protection catalogue.
With Belden as the parent company, macmon NAC is also part of a holistic solution approach from a single source, from physical cabling to infrastructure components (such as switches, access points, firewalls) to software solutions.
Here we go into the possible approaches to NAC enforcement. Furthermore, we show the advantages and disadvantages of the respective approaches and go into how macmon NAC differs from other NAC solutions.
macmon NAC allows the administrator to choose between 2 technological approaches.
On the one hand, proactive NAC can be enforced based on RADIUS authentications and, alternatively, the necessary restrictions or releases can be enabled on the basis of our network monitoring and the switching of the current configuration of the switches based on it.
Many manufacturers rely entirely on the first point and use the 802.1X standard and, for end devices that do not support it, MAC-based RADIUS authentication. With 802.1X, additional properties such as a certificate or identity with a password can be checked. A high level of security is achieved and further settings can be made with additional RADIUS attributes. The approach is very good and fits many companies and networks, but not everyone.
Therefore, we offer a second way in addition to this approach. You can easily switch between these two or even operate them mixed in the network.
Especially in the OT area, production is considered the most important asset and in many places still comes before security. In order to do justice to both, you can use macmon NAC to monitor the entire network and react to undesirable situations, such as end devices that you do not know or end devices in the wrong security zones.
We rely on standards and protocols that are more widespread and provide tailored methods (connected packages of steps for reading out or changing configurations) for all common manufacturers. SNMP and REST APIs from the infrastructure manufacturers are the most prominent representatives and allow us to abstract the data. As a result, an administrator often only needs macmon NAC for daily work and does not have to access the switches directly or different network management systems for different manufacturers in the network.
The advantages and disadvantages become apparent in specific situations. Since many companies already operate service monitoring, SNMP configurations are often already known and available. Normally, this leads to a very fast implementation of NAC via SNMP. Implementing the 802.1X standard requires more effort, since additional end devices have to be configured and tested. If you fall back on MAC-based RADIUS authentications to make your work easier, you will of course also lose the higher security level you might be aiming for. It is therefore important to consider how I proceed with which end devices.
... read more

Language: German

Questions and Answers: No

close

This content or feature is available to the it-sa 365 community. 
Please register or log in with your login data.