Cisco Writes the Book on NAC

Network Access Control, which is more commonly referred to by the acronym
NAC, is the most hyped term in networking today. It’s also one of the least

Wouldn’t it be great if there was a book about NAC?

Well now there is and it comes from none other than the vendor that coined
the term NAC in the first place, Cisco .

No it’s not quite NAC for Dummies and it’s not even just one book. Cisco
Press has a two volume set now out with a 244 page Volume 1 titled NAC
Framework Architecture and Design and a 587 page volume 2 titled NAC
Framework Deployment and Architecture.

“We saw a need for a book to come out or a roadmap to help customers
understand because NAC is unlike other products like a router or a
firewall,” volume 2 co-author David White Jr told
“NAC involves a lot of products and because of that it’s more complicated
and there is a need to educate people about what’s required to configure NAC
properly in their networks.”

The need for education was rampantly apparent to volume 1 co-author Denise
Helfrich who explained that some NAC customers had been trying to deploy
without proper knowledge, planning or preparation.

“Our writers were deploying it and have a lot of knowledge working with it,”
Helfrich told

While Volume 1 is focused on design and architecture, Volume 2 is all about
deployment and troubleshooting. From a deployment point of view Volume 1
co-author White noted that the biggest challenge with the NAC framework is
that users really need to understand what they are trying to accomplish and
map things out first.

“What are the goals and how do I deploy in a phased approach,” White
explained. “It’s not like a single device where you drop it in the network
and then everyone in the network is protected by NAC framework. That’s not
how it works.”

How it works is that NAC is deployed on individual devices throughout an
enterprise network. IT administrators need to understand if NAC
can in fact be supported as well as how it can be deployed and tested.

Helfrich added that because NAC policies can limit network access it’s
important to understand what NAC do first before deploying it out to the
entire enterprise. She suggests that enterprises roll it out gradually and
tweak policy accordingly. If access is too tight you may end up denying
access to users that should not be denied.

Though Cisco was the vendor that first coined the term NAC, there are other
NAC architectures out there. Among them is the Trusted Computing Group’s
Trusted Network Connect which is championed by Juniper Networks and other.
There is also Microsoft’s
Network Access Protection (NAP)
which will ship with Window Longhorn
Server later this year.

Though the Cisco books are written by Cisco, they may also prove to be of
some use for other NAC architectures as well. Helfrich noted that in volume
1 they didn’t write about any particular vendor since Cisco NAC can be used
with hooks for other vendors. The general principles about NAC architecture
and planning however are based on best practices and likely have broad
relevance for a variety of NAC deployments.

“Volume 1 is about planning and design and includes lots of good fundamental
where we use questions to build security policies regardless of vendor,”
Helfrich said.

White added that volume 2 is more specific for the implementation of Cisco
NAC and the only real purchaser should be those who are planning to deploy.

“Volume 1 is broad and is not just for Cisco customer it really helps to
educate the network world what is NAC and helps them to think about
protecting their endpoints,” White said. ” It’s broader than just a customer
looking to implement Cisco NAC. ”

Though technology always changes, the authors of the NAC books have some
degree of future proofing built into their works.

“Since volume 1 is about understanding a lot will stay the same, it’s the
details that will change as new features will be added,” Helfrich said.
“Conceptually the fundamentals will not change.”

News Around the Web