Network Access Control (NAC) is one of the hottest buzzwords in networking. Every vendor has a NAC product - or at least they’ve found a way to relabel their existing product as a NAC product. But what does NAC really mean?

The basic concept is simple. You need to control who can access your network and what they can do once connected.

With wireless networks, this is essential. An open wireless network is like an open door. Walk right in and steal our data! Please! But wireless networks are just the most extreme case. With guests and contractors in the building, wired networks aren’t much safer.

So NAC is a way to control access across to your network. That’s a good start. Remote access gateways have included network access control for ages. But modern NAC goes way beyond traditional access controls. First, access controls can be applied to every part of your network not just remote users. Second, you can prevent the spread of viruses by checking the health of each machine when it connects to the network. Health checks are especially important for guests, contractors, customers, and other people whose machines are not controlled and managed by IT. You may also want to impose other access controls, like nobody can access the finance servers while they’re backing up at night.

So my full definition of NAC is

• a way to control access to all parts of a network by checking user identity, endpoint health, and other factors

That’s it! Of course, the ideal NAC system is secure, reliable, scalable, cost-effective, easy to use, and easy to manage. But those are standard requirements for all enterprise-grade systems. In a future post, I’ll explore different NAC technologies and how they fulfill the promise of NAC.