Network Access Control
Network Access Control, or NAC, is a hot technology in the IT sector. Fundamentally it is an intuitive approach: limit network access. In reality it is an important technology that is rather complex. The idea goes well beyond only allowing authorized users into the network. A complex NAC product can be configured to allow specific people to access specific things on the network. The granularity can reach the point that a user connecting from the corporate LAN gets access, while the same user connecting from a wireless device or from outside the physical network does not.
A NAC can help with security and privacy; however, to use it effectively you have to lay the groundwork with policy. If inappropriate content is placed in an area that unauthorized users have access to, then you have undermined the effectiveness of the NAC. Probably the most commonly “misplaced” information is data such as social security numbers.
In June 2007, DarkReading.com reported that American Airlines pilots discovered that by searching their intranet for “AA” and “Medical” they obtained more than 300 social security numbers and other personal information about employees.
A NAC requires some user education as to what types of data are appropriate for specific segments of the network. Determining who gets access to which network segments is also important.
What data is exposed on your intranet? Who has access to it?
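Both questions can be answered by joining the NAC policy with a scan of the content in each segment. The sketch below is an added example, not code from the original article or from any NAC product; the groups, segments, rules and documents are constructed, and the SSN pattern is only a heuristic.

```python
import re
from dataclasses import dataclass

# Heuristic for SSN-like values (ddd-dd-dddd, excluding never-issued ranges).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

@dataclass(frozen=True)
class Rule:
    group: str    # who is connecting
    origin: str   # where from: "lan", "wireless" or "remote"
    segment: str  # network segment they may reach

# Hypothetical NAC policy: default deny, access only where a rule matches.
POLICY = [
    Rule("hr", "lan", "hr-records"),
    Rule("hr", "lan", "intranet"),
    Rule("pilots", "lan", "intranet"),
    Rule("pilots", "wireless", "intranet"),
]

# Groups approved to handle SSNs: a written policy decision, not a NAC setting.
SSN_APPROVED_GROUPS = {"hr"}

# Constructed documents: (segment, file name, content). All values are invented.
DOCUMENTS = [
    ("hr-records", "payroll.csv", "Jane Doe,123-45-6789"),
    ("intranet", "medical-roster.txt", "J. Smith SSN 234-56-7890 cleared"),
    ("intranet", "cafeteria.txt", "Order line 555-1234 for catering"),
]

def allowed(group, origin, segment, policy=POLICY):
    """NAC decision: permit only if an explicit rule matches."""
    return Rule(group, origin, segment) in policy

def audit(documents=DOCUMENTS, policy=POLICY, approved=SSN_APPROVED_GROUPS):
    """Find SSN-like data in segments reachable by groups not approved for it."""
    findings = []
    for segment, name, text in documents:
        hits = len(SSN_RE.findall(text))
        if not hits:
            continue
        exposed = sorted({(r.group, r.origin) for r in policy
                          if r.segment == segment and r.group not in approved})
        if exposed:
            findings.append((segment, name, hits, exposed))
    return findings

if __name__ == "__main__":
    for segment, name, hits, exposed in audit():
        print(f"{segment}/{name}: {hits} SSN-like value(s) reachable by {exposed}")
```

The NAC rules here are enforced correctly, yet the audit still reports a finding, because the data sits in a segment the policy opens to a wider audience.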
Randy Abrams is the Director of Technical Education for ESET LLC

