Network Computing is part of the Informa Tech Division of Informa PLC


Rolling Review: Host-Based NAC: Page 2 of 5

Still, if your goal with network access control is to restrict user activity, what better place to apply policy than on the host itself? Many host-based NAC software suites combine anti-malware, desktop firewall and application access control, at a minimum, to protect hosts from malicious software and from the person at the keyboard. We know that antivirus software can identify only that malware for which it has signatures, meaning new viruses are often undetected. In contrast, desktop firewall software not only blocks network traffic attempting to access the host, it can also limit how host applications can access the network. Application access control is not new—it's been in desktop firewall software for years—but the relevance to NAC is evident: If an application is unable to send e-mail or connect to IRC, or make any network connection, for that matter, its adverse impact is mitigated. The malware must still be removed, but you've bought yourself time.

 

This article is the first of a series and is part of NWC's Rolling Review of host-based NAC.

Considering that many NAC products allow access to the network to do assessments anyway, a host-based NAC product squelches problems at the source. One sticking point: IT often shies away from agent technology. Yet, nearly all NAC products use some form of agent for host assessment and log-in tracking. So-called "dissolvable agents" are ActiveX or Java components that must be downloaded and executed on the user's computer, often with Power User or local Administrator rights. Moreover, unlike network-based NAC products that sit in-line or out-of-band, the protective measures inherent in host-based systems travel with the computer, so a laptop is equally protected from attack at the coffee shop down the street as it is on the corporate LAN.

The Requirements

The critical factor for successful host-based NAC is centralized management. That includes agent deployment, configuration, reporting and troubleshooting. The last thing you want is users making decisions about what should or shouldn't be allowed to run.

Equally important is that IT be able to centrally manage hundreds or thousands of agents from a single point. That means visibility into the health of all agents, plus organizational features that allow you to group similar host agents and delegate administrative functions to distributed staff. For example, you might want to give departmental IT admins the ability to set some access policies while retaining central control of host configuration requirements.

Client interface features are also a vital part of host-based NAC, and the ability to control the agent UI is important to streamlining management. A client that's popping dialog alert bubbles results in helpdesk calls. All logging and alerting should be sent back to a central log server, where experienced administrators can view activity and take corrective actions. In some organizations, tailoring the client experience can reduce this burden: Tech-savvy users may be granted more access to UI functions, while details are hidden from those inclined to panic at warning messages. In either case, ensure that the product you choose provides a way to remotely troubleshoot agent issues without having users jump through hoops or read cryptic messages over the phone.