FARMINGTON HILLS – Many are familiar with the process by which a user supplies credentials – whether a basic username and password or a stronger scheme such as two-factor authentication or a certificate – to access a resource, much like using a key to open a lock on a door. This authentication to the computer or network can have another layer of protection added, called admission control.
Admission control is an additional layer of protection that incorporates a decision as to whether or not the user and the device they are using should be "admitted" onto the network. An analogy can be drawn to a bouncer at a nightclub: if you don't have the proper attire, you are not allowed in even if you have an invitation, the invitation being the authentication credentials.
Admission control can check a device and confirm whether it meets the organization's pre-defined security policy. These admission control policies can be very flexible to meet the needs of the organization and may include requirements such as:
Operating System Updates
Security Patches
Virus Protection
Spyware Protection
Host-Based Intrusion Detection
Registry Keys
Organization-Specific Software
Network Admission Control (NAC) software can not only determine whether the required software is installed on the system but also confirm that it is running and operating properly.
If the admission policy is not met, the user's device can be placed in a "dirty VLAN", a segmented area of the network that allows only remediation of the policy violation. Once the admission policy is met – perhaps the latest patches needed to be applied or the latest virus definitions downloaded – the device is allowed onto either the internal network or some other network segment. Multiple admission and/or access levels may have been established, such as an auditor network or a guest network with access only to the internet.
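As an added illustration, not code from the column or from Netarx, the following Python sketch shows how an admission-policy check of the kind described above can be evaluated: a device's reported posture is compared against an organizational policy, "installed" is judged separately from "running", and the result selects a network segment, with any violation sending the device to a remediation VLAN. Every field name, threshold, registry key, package name and VLAN label is an assumption made for the example, and the sample device reports are constructed.

```python
# Added example, not code from the column or from Netarx: a toy admission-policy
# evaluator. Field names, thresholds, registry key, package name and VLAN labels
# are assumptions; the sample device reports at the bottom are constructed.
from dataclasses import dataclass, field
from datetime import date, timedelta


@dataclass
class Posture:
    """What the endpoint agent reports about the device."""
    last_os_update: date            # date of the most recent OS update applied
    av_installed: bool
    av_running: bool                # installed is checked separately from running
    av_definitions: date            # date of the current virus definitions
    antispyware_running: bool
    hids_running: bool              # host-based intrusion detection agent
    registry: dict = field(default_factory=dict)   # registry key -> value read
    software: set = field(default_factory=set)     # installed package names


@dataclass
class Policy:
    """The organization's admission policy (thresholds are assumptions)."""
    max_os_update_age_days: int = 30
    max_av_definition_age_days: int = 3
    required_registry: dict = field(default_factory=dict)
    required_software: set = field(default_factory=set)


def evaluate(posture: Posture, policy: Policy, today: date) -> list[str]:
    """Return the policy violations for a device; an empty list means compliant."""
    violations = []
    if today - posture.last_os_update > timedelta(days=policy.max_os_update_age_days):
        violations.append("os-updates-stale")
    if not posture.av_installed:
        violations.append("antivirus-missing")
    else:
        # Installed is not enough: the agent must be running ...
        if not posture.av_running:
            violations.append("antivirus-not-running")
        # ... and its definitions must be current.
        if today - posture.av_definitions > timedelta(days=policy.max_av_definition_age_days):
            violations.append("antivirus-definitions-stale")
    if not posture.antispyware_running:
        violations.append("antispyware-not-running")
    if not posture.hids_running:
        violations.append("hids-not-running")
    for key, wanted in policy.required_registry.items():
        if posture.registry.get(key) != wanted:
            violations.append(f"registry-mismatch:{key}")
    for pkg in sorted(policy.required_software - posture.software):
        violations.append(f"software-missing:{pkg}")
    return violations


# Assumed segment labels; a deployment would map these to switch VLAN IDs.
ROLE_VLAN = {"employee": "internal", "auditor": "auditor", "guest": "guest"}


def admit(role: str, posture: Posture, policy: Policy, today: date) -> tuple[str, list[str]]:
    """Decide where an already-authenticated user/device pair is placed.

    Authentication (the 'invitation') has succeeded before this is called; this
    is the 'bouncer' step. Any violation sends the device to the remediation
    ('dirty') VLAN, which should reach only patch and definition servers.
    An unrecognized role gets the internet-only guest segment.
    """
    violations = evaluate(posture, policy, today)
    if violations:
        return "remediation", violations
    return ROLE_VLAN.get(role, "guest"), []


# Constructed sample data for the example.
TODAY = date(2024, 6, 1)
POLICY = Policy(
    required_registry={r"HKLM\SOFTWARE\ExampleOrg\AgentEnabled": "1"},
    required_software={"exampleorg-vpn-client"},
)
COMPLIANT = Posture(
    last_os_update=date(2024, 5, 20), av_installed=True, av_running=True,
    av_definitions=date(2024, 5, 31), antispyware_running=True, hids_running=True,
    registry={r"HKLM\SOFTWARE\ExampleOrg\AgentEnabled": "1"},
    software={"exampleorg-vpn-client"},
)
# Same device, but the antivirus service has stopped and its definitions are a month old.
AV_STOPPED = Posture(
    last_os_update=date(2024, 5, 20), av_installed=True, av_running=False,
    av_definitions=date(2024, 5, 1), antispyware_running=True, hids_running=True,
    registry={r"HKLM\SOFTWARE\ExampleOrg\AgentEnabled": "1"},
    software={"exampleorg-vpn-client"},
)

if __name__ == "__main__":
    for role, device in (("employee", COMPLIANT), ("auditor", COMPLIANT),
                         ("employee", AV_STOPPED), ("guest", COMPLIANT)):
        vlan, why = admit(role, device, POLICY, TODAY)
        print(f"{role:9s} -> {vlan:12s} {why}")
```

The point of separating `av_installed` from `av_running` is the one the column makes: an agent that is present but stopped, or whose definitions are stale, fails the check just as a missing agent does, and the violation list returned with the "remediation" decision is what a remediation portal would show the user.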
Implications for Fraud Detection and Deterrence
Once admission control has been implemented, the monitoring and management of network resources can be dramatically increased. This is a double-edged sword. Unknown threats can be thwarted more easily, since a device that has not been properly admitted is sectioned off in a "walled garden", adding a layer of protection against Trojans and other tools that would provide access to, or information about, a secure network.
All activity on this network can be carefully monitored. But on the flip side, now that these invisible barriers exist, a new concern has arisen: unbeknownst to the auditor or analyst, only limited access may have been granted to the network, possibly preventing a full investigation or disclosure.
This column was written by Sandy Kronenberg, Chairman, President, Netarx Inc. For more information, click on Netarx.Com