In-Depth

Foiling Hackers with NAC: First, Know What You Have

Increasingly, hackers have infiltrated "protected" enterprise networks. One NAC provider says the key to maximizing your protection is to know what’s on your network.

• By Jason Turcotte
• 11/14/2006

When Ofir Arkin led a discussion on Network Access Control (NAC) security at IT Security World, held in San Francisco earlier this year, he was pleased to see the participants acknowledge the risks associated with vulnerable networks. Arkin says that with hackers learning new ways to bypass such controls, enterprises have their work cut out for them.

"To my surprise, most of the people in the audience knew the various problems and are aware of the issues," said Arkin. "They’re aware of the shortcomings, but they want something that’s easy to configure."

Few NAC security products offer the simplicity at the price enterprises pine for, and experts are quick to call the technology a latent solution.

Arkin, a CTO at security vendor Insightix (an Israel-based company specializing in NAC security solutions), says hackers have plenty of tricks up their sleeves when it comes to bypassing NACs and business-to-business solutions are most vulnerable. Some intruders are bypassing an element’s quarantine by designating static IP addresses that belong to the main enterprise network. Others are finding ways to re-direct network users to the hacker’s own portal, affording opportunities for data theft.

Enterprises can start to secure their controls by first addressing the applications on their network. Intruders will continue taking advantage of networks if a company cannot identify new users.

"The most important thing is to know what’s on the network," Arkin says. "If I’m not able to understand [that], I don’t stand any chance in enforcing security."

While Arkin says NAC vulnerabilities are a relatively new phenomenon, they are, rather insidiously, beginning to affect more types of enterprises than ever before. Depending on the network configuration, there are a variety of ways hackers have infiltrated "protected" enterprise networks.

"I think it’s a general security issue rather than sector-wise," notes Arkin. "You can see it in the banking industry, the telecommunications industry, and the health industry."

NAC solutions aren’t necessarily a complete safeguard against intrusions, but they do add a new dimension to visibility within a network, and that visibility is the first step in reducing risk for enterprises. Arkin says rather than replacing NAC equipment, enterprises should invest in the controls they have.

He suggests using products that provide real-time inventory of everything on the network, which helps a business identify changes within their network. He recommends that enterprises leverage their existing NAC technology through increased monitoring and better management. Once a NAC solution identifies new users, the tool should also indicate whether or not those users are complying with securities policies in place.