Network Computing is part of the Informa Tech Division of Informa PLC


Tutorial: Network Access Control (NAC): Page 4 of 11

Assessment

The NAC cycle begins and ends with assessment. Pre-admission assessment occurs before a host is granted full access to the network. Post-admission assessment, performed after access has been granted, lets a host be periodically reassessed to ensure it does not begin to pose a threat. Host assessment gathers information such as a host's OS, patch levels, applications running or installed, security posture, system configuration and user login, and passes it to a PDP (policy decision point). What information is gathered is a function of your defined policy and the NAC product's capabilities.

NAC Assessment Methods
Host assessment is a fundamental part of determining the state of a host and the kind of access it should receive. These are the common assessment methods used today. Many NAC vendors support at least two of these methods.
Persistent Agent
  How it works: A software agent is installed and performs assessments. The agent could be part of a larger package, like a desktop firewall, or a broker similar to Cisco Trust Agent.
  Benefits: A single installation that travels with the computer. Once the software is installed, the user never has to interact with it again. Offers deep inspection of the host.
  Drawbacks: Not all systems, especially guest systems, can install an agent. The agent needs the proper privileges to assess the host. The agent must support all your OSes and applications.

Dissolvable Agent
  How it works: Similar to a persistent agent, the dissolvable agent is written in a mobile language like Java or ActiveX and is downloaded and executed. The assessment is generally performed by the agent, rather than offloaded to other sources.
  Benefits: Can be installed on any host, and mobile code is more likely supported on multiple OSes. These agents are usually small, under a megabyte in size, so they can be sent over slow links.
  Drawbacks: Not all systems support the mobile code. The user needs the appropriate permissions to run the code; in Windows, this is often local Administrator or Power User.

Remote Procedure Call
  How it works: A server on the network runs scans using RPC or WMI on the target computer. The server needs the host's administrator credentials to run the scan, as well as network access to the host.
  Benefits: No agent installation required, yet has the potential to dig fairly deeply into a host.
  Drawbacks: Not all users have local administrator access, and the concept of least user privilege should further restrict this access. Guests are difficult to support. Checks are not as thorough as agent approaches.

Vulnerability Scan
  How it works: A server performs a vulnerability-assessment (VA) scan on the host. The VA scan attempts to identify the OS, the services running and any vulnerabilities.
  Benefits: No agent installation and, often, no need for credentials make scanning simple. Provides a detailed view of attack points on a host.
  Drawbacks: Limited view of the host if administrator credentials are not available. Scans can take a long time and may potentially crash services. Host firewalls will interfere with the ability to scan. False positives and false negatives are potential problems.

Passive Monitoring
  How it works: Rather than assessing a host's condition, monitors the host for bad behavior, like scanning or worm infection. Can perform intrusion detection and monitor authentication requests and responses.
  Benefits: Detects malicious behavior regardless of a host's condition. Passive monitoring may use signature- or anomaly-based detection. Offers real-time detection of noncompliant activity.
  Drawbacks: The only data available on a host's condition is what is transmitted back to the network. OS and service detection may not be accurate. Requires a view of network traffic, which may be difficult to achieve.

Assessments can use either a permanently installed agent, common in host-based NAC, or, more often, dissolvable agents, so named because they are based on Java or ActiveX and disappear after they are used. Dissolvable agents are sometimes called agentless NAC, but this method does in fact involve an agent that must be downloaded and installed on the host computer.
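As an added illustration of the cycle described above (example code, not from the article or from any NAC product), the toy policy decision point below takes posture reports as an agent or scan might produce them, checks them against a defined policy, and shows a pre-admission pass followed by post-admission reassessments that downgrade access as the host's posture drifts. The attribute names, thresholds and sample values are all assumptions made for this example.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    FULL = "full access"
    QUARANTINE = "remediation network only"
    DENY = "denied"

@dataclass(frozen=True)
class Posture:
    """Attributes an agent, RPC/WMI scan or VA scan reports about one host."""
    os: str
    patch_level: int
    firewall_on: bool
    av_sig_age_days: int
    running_apps: frozenset = frozenset()

@dataclass
class Policy:
    """What the PDP requires; this also fixes which attributes get collected."""
    min_patch: dict            # OS name -> minimum acceptable patch level
    max_av_sig_age_days: int
    banned_apps: frozenset
    require_firewall: bool = True

def assess(p: Posture, pol: Policy):
    """Map one posture report to an access decision and the reasons behind it."""
    if p.os not in pol.min_patch:
        return Decision.DENY, ["OS not covered by policy"]
    banned = p.running_apps & pol.banned_apps
    if banned:                 # active threat: deny outright, no remediation
        return Decision.DENY, ["banned software: " + ", ".join(sorted(banned))]
    findings = []              # compliance gaps: quarantine for remediation
    if p.patch_level < pol.min_patch[p.os]:
        findings.append(f"patch level {p.patch_level} below {pol.min_patch[p.os]}")
    if pol.require_firewall and not p.firewall_on:
        findings.append("host firewall disabled")
    if p.av_sig_age_days > pol.max_av_sig_age_days:
        findings.append(f"AV signatures {p.av_sig_age_days} days old")
    return (Decision.QUARANTINE if findings else Decision.FULL), findings

def nac_cycle(reports, pol: Policy):
    """reports[0] is the pre-admission check, the rest post-admission reassessments."""
    return [assess(r, pol)[0] for r in reports]

# Constructed sample (values made up): compliant, then stale AV (quarantine), then banned P2P client (deny).
POLICY = Policy({"Windows": 3}, 7, frozenset({"p2p_client.exe"}))
REPORTS = [Posture("Windows", 3, True, 2),
           Posture("Windows", 3, True, 12),
           Posture("Windows", 3, True, 12, frozenset({"p2p_client.exe", "outlook.exe"}))]
```

Running `nac_cycle(REPORTS, POLICY)` yields full access, then quarantine, then denial, which is the post-admission downgrade the text describes.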