Comparative Study of Network Access Control Technologies
Linköping University, Department of Computer and Information Science.
2007 (English). Independent thesis, Advanced level (degree of Magister), 20 points / 30 hp. Student thesis.
Abstract [en]

This thesis presents a comparative study of four Network Access Control (NAC) technologies: Trusted Network Connect by the Trusted Computing Group, Juniper Networks, Inc.’s Unified Access Control, Microsoft Corp.’s Network Access Protection, and Cisco Systems Inc.’s Network Admission Control. NAC is a vision that utilizes existing solutions and new technologies to provide assurance that any device connecting to a network policy domain is authenticated and is subject to the network’s policy enforcement. Non-compliant devices are isolated until they have been brought back to a compliant status. We compare the NAC technologies in terms of the architectural and functional features they provide.

There is a race among NAC solutions in the marketplace, each claiming its own definition and terminology. This creates much uncertainty and makes it difficult for customers to adopt such a solution. The NAC paradigm can be classified into two categories: the first embraces open standards; the second follows proprietary standards. By selecting these four architectures, we cover a representative set of proprietary and open standards-based NAC technologies.

This study concludes that there is a great need for standardization and interoperability of NAC components, and that the four major solution proposals we studied fall short of the desired interoperability. With standards, customers have the choice to adopt solution components from different vendors, selecting what is commonly referred to as the best of breed. One example of a standard technology that all four NAC technologies we studied did adopt is the IEEE’s 802.1X port-based access control technology. It is used to control endpoint device access to the network.

One shortcoming that most NAC architectures (with the exception of Trusted Network Connect) have in common is the lack of a strong root-of-trust. Without it, clients’ compliance measurements cannot be trusted by the policy server, whose task is to assess each client’s policy compliance.

Place, publisher, year, edition, pages
Institutionen för datavetenskap, 2007, 114 p.
Keyword [en]
NAC, Network Access Control, Trusted Platform Module, Trusted Computing Group, Trusted Network Connect, Network Access Protection, Network Admission Control, 802.1X, root of trust
National Category
Computer Science
URN: urn:nbn:se:liu:diva-8971
ISRN: LITH-IDA-EX--07/028--SE
OAI: diva2:23688
2007-05-11, Al-khwarizmi, IDA B, Linköping University, Linköping University, 09:15
Available from: 2007-06-18 Created: 2007-06-18

Open Access in DiVA

Full text: FULLTEXT01.pdf (application/pdf, 1056 kB), 1773 downloads
