A computer network access control is employed in order to control any kind of communications by any software, user or computer within or outside the network. This is to prevent damages like viruses, data theft and intrusion and uphold the integrity and safety of a network.
There are two types of control that a network imposes. The first control is called pre-admission or verification. Before a communication can be approved or before an outside- network computer can access a network or a computer within a network, the communication and the communication carrier will have to be verified first. What specific verifications a carrier or a communication needs to pass in order to gain access to a network? Usually, there are standards that networks such as security and identity. If for example, a user wants to run an executable file within a network, a password is asked and only when the password is verified and identified as correct by the network can the file be allowed to run. Otherwise, the network will not allow the file to run. The second type of control is post-admission. This only means that even if a user gain access to a network, a user will only be able to make actions within the network depending upon the conditions set by the network. A user might be allowed to open files but cannot make changes to them or he may only be allowed to open Shared folders and nothing else within other computers.
There are also instances that a user will not be able to access a network even with a correct password if there are other pre-conditions that he did not meet like an out-dated antivirus or when it runs a harmless but is deemed as suspicious file by the network. A network access control does not recognize gray areas because it can only read conditions as True or False for it to allow or disallow access. If a user is unable to meet a condition, access is always denied wherein it will only approve access if the user meets the condition. Controls can have exceptions if a network administrator opts to provide these. In most cases however, exceptions are done. A network administrator can give manual exceptions to a particular user if it is personally verified that a user is safe to access the network.
Resolving Network Access Control Issues
There are, however, ways to resolve this. One of the most common ways is quarantine network. In a quarantine network, a user is given network access but with very limited access to hosts or applications. In a case that the network recognizes an out-dated antivirus database, it simply allows the user to make use of applications or access files that will resolve the out-dated antivirus like the update folder or patch folder of the antivirus and the user will only be allowed to have access with the rest of the network when the out-dated antivirus is resolved. The creation of the quarantine network is an option provided by a network access control for legitimate and harmless users that might possibly be denied network access.
CISCO
The Cisco Identity Services Engine (ISE) offers a network-based approach for adaptable, trusted access everywhere, based on context.
- Asset visibility
- Guest and secure wireless access
- Device Administration
- Secure wired access
- Segmentation
- Device Compliance
- Security ecosystems integrations
- Threat containment
- BYOD
ARUBANETWORKS
Aruba is the industry leader in wired, wireless and security networking solutions for todays experience edge.
- Agentless policy control and automated response
- Secure access for guest, BYOD and corporate devices
- Leverage the ClearPass Security Ecosystem
- Deliver integrated best-in-class security with SD-Branch
FORESCOUT
Forescout is the leader in device visibility and control. Achieve 100% device visibility, with network segmentation and device management of all connected devices, and automate threat response across campus, data center, cloud and OT environments.
- Visibility Platform: See Devices and Systems Others Can’t
- Forescout Device Cloud: Accurately Classify
- Device Intelligence Dashboard – Improve Security Operations and Incident Response
- Enterprise Scalability – Scale as Your Business Needs Grow
- Security Orchestration – Tear Down Security Silos
- Forescout Flexx Licensing
PORTNOX
Portnox: Network Security. Simplified. See, control and manage all users and devices – even BYOD and IoT – accessing your network with on-premise and cloud solutions, Portnox offers agile network access security to fit your business needs.
FORTINET
Fortinet delivers high-performance, integration security solutions for global enterprise, mid-size, and small businesses.
- With identified devices, FortiNAC can narrowly restrict network access for those devices to only necessary network assets
- Interact with and configure network devices (switches, wireless access points, firewalls, clients) from more than 150 vendors
- FortiNAC architecture enables effective scaling to multi-site locations and supporting millions of devices
SOPHOS
Advanced Endpoint Protection with EDR and Artificial Intelligence, Next Gen Firewall with Synchronized Security and Business-Grade Security for Home Users.
TEMPEREDNETWORKS
Secure Connectivity and Segmentation for Control Systems and IIoT.
- The Modern Airgap for IIoT
- North, South, East, West Micro-Segmentation for Granular Control
- Massive Reduction in Attack Surface for Enhanced Security