RealTime IT News

Cisco Writes the Book on NAC

Network Access Control, which is more commonly referred to by the acronym NAC, is the most hyped term in networking today. It's also one of the least understood.

Wouldn't it be great if there was a book about NAC?

Well, now there is, and it comes from none other than the vendor that coined the term NAC in the first place, Cisco.

No, it's not quite NAC for Dummies, and it's not even just one book. Cisco Press now has a two-volume set out, with a 244-page Volume 1 titled NAC Framework Architecture and Design and a 587-page Volume 2 titled NAC Framework Deployment and Architecture.

"We saw a need for a book to come out or a roadmap to help customers understand because NAC is unlike other products like a router or a firewall," volume 2 co-author David White Jr told internetnews.com. "NAC involves a lot of products and because of that it's more complicated and there is a need to educate people about what's required to configure NAC properly in their networks."

The need for education was readily apparent to Volume 1 co-author Denise Helfrich, who explained that some NAC customers had been trying to deploy without proper knowledge, planning or preparation.

"Our writers were deploying it and have a lot of knowledge working with it," Helfrich told internetnews.com.

While Volume 1 is focused on design and architecture, Volume 2 is all about deployment and troubleshooting. From a deployment point of view, Volume 1 co-author White noted that the biggest challenge with the NAC framework is that users really need to understand what they are trying to accomplish and map things out first.

"What are the goals and how do I deploy in a phased approach," White explained. "It's not like a single device where you drop it in the network and then everyone in the network is protected by NAC framework. That's not how it works."

Instead, NAC is deployed on individual devices throughout an enterprise network. IT administrators need to understand whether NAC can in fact be supported, as well as how it can be deployed and tested.

Helfrich added that because NAC policies can limit network access, it's important to understand what NAC will do before deploying it to the entire enterprise. She suggests that enterprises roll it out gradually and tweak policy accordingly. If access is too tight, you may end up denying access to users who should not be denied.

Though Cisco was the vendor that first coined the term NAC, there are other NAC architectures out there. Among them is the Trusted Computing Group's Trusted Network Connect, which is championed by Juniper Networks and others. There is also Microsoft's Network Access Protection (NAP), which will ship with Windows Longhorn Server later this year.

Though the Cisco books are written by Cisco, they may also prove to be of some use for other NAC architectures. Helfrich noted that in Volume 1 they didn't write about any particular vendor, since Cisco NAC can be used with hooks for other vendors. The general principles about NAC architecture and planning, however, are based on best practices and likely have broad relevance for a variety of NAC deployments.

"Volume 1 is about planning and design and includes lots of good fundamental where we use questions to build security policies regardless of vendor," Helfrich said.

White added that Volume 2 is more specific to the implementation of Cisco NAC, and the only real purchasers should be those who are planning to deploy.

"Volume 1 is broad and is not just for Cisco customer it really helps to educate the network world what is NAC and helps them to think about protecting their endpoints," White said. " It's broader than just a customer looking to implement Cisco NAC. "

Though technology always changes, the authors of the NAC books have some degree of future proofing built into their works.

"Since volume 1 is about understanding a lot will stay the same, it's the details that will change as new features will be added," Helfrich said. "Conceptually the fundamentals will not change."